Esomar Calls for Smarter and Simpler EU Digital Rules

In an effort to boost competitiveness and strengthen Europe’s industrial fabric, the European Commission is rolling out a strategic package to simplify EU regulatory frameworks across different sectors: the Digital Omnibus. From agriculture and defence to the environmental and digital landscapes, this comprehensive initiative aims to cut red tape and ease the administrative burden on European businesses, particularly small and medium-sized enterprises (SMEs). The EU’s digital regulatory framework is multifaceted, setting high standards for safety, data protection and privacy across the Union. While these rules are fundamental for safeguarding individuals’ rights, their successful implementation cannot be achieved without an adequate level of regulatory harmonisation, streamlined processes and legal clarity.

For businesses in the market research, insights and data analytics sector that handle large amounts of data daily, navigating digital regulatory frameworks has become a constant challenge. Compliance with digital regulations such as the GDPR, the ePrivacy Directive, the Data Act and the AI Act is not optional; it is necessary to guarantee integrity, transparency and accountability in research practices and to ultimately protect data subjects’ rights. However, the growing patchwork of digital rules has created legal uncertainty and operational challenges for research and insights businesses, especially as emerging technologies reshape the industry.

The European Commission’s digital simplification initiative therefore couldn’t be more timely, as it offers a unique opportunity to support the research sector in operating more efficiently and innovatively. In view of this, Esomar has stepped up to contribute actively to this simplification agenda, by providing feedback and statements as the strategic package is developed and implemented. As an initial step, Esomar has published a position paper in response to the European Commission’s Call for Evidence on digital simplification. Starting from the research and insights sector’s current challenges and needs, the paper outlines important recommendations for achieving consistent application of digital rules and greater legal clarity. A coherent and streamlined EU digital framework is necessary to empower the market research, insights and data analytics sector to continue delivering high-quality insights that benefit citizens, businesses, and policymakers alike.

The position paper identifies several areas where simplification and harmonisation of digital rules would significantly strengthen compliance and trust across the sector:

1. Clarification of roles and responsibilities in data processing chains

The implementation of the European Union’s Global Data Protection Regulation (GDPR) has revealed significant challenges for the insights sector, including inconsistent national interpretations, legal uncertainty in complex data processing chains, and misalignment with other legislative frameworks. Esomar has urged the European Commission to provide clearer guidelines for determining the roles and responsibilities of controllers, processors, joint controllers, and third parties. The current default assumption that clients commissioning research projects are always data controllers oversimplifies the nuanced nature of research partnerships, where suppliers often determine methodologies and handle personal data independently. A case-by-case assessment would better reflect the complexity of research data chains and ensure accurate attribution of responsibilities.

2. Common framework for scientific research

A common framework recognising all legitimate forms of empirical research involving personal data and reflecting the diversity of research purposes, funding sources, and applications would enhance legal certainty, ensure consistency and facilitate ethical data use in research and developments in artificial intelligence (AI). As such, a broad and inclusive definition of what constitutes “scientific research” under Article 89 GDPR, and aligned across EU and national regulations, is needed. The absence of a clear definition of “scientific research” in the GDPR and other digital frameworks has led to inconsistent applications and operational challenges.

3. Clarification of pseudonymised and anonymised data

Legal uncertainty persists around the GDPR’s application to pseudonymised data. Esomar supports the adoption of a context-based interpretation, consistent with the ECJ’s ruling in Case C-413/23 P, whereby pseudonymised data does not automatically constitute personal data for the recipient and a case-by-case assessment is necessary. This would reduce unnecessary compliance burdens for research organisations handling large datasets and support a proportionate, risk-based data governance.

4. Legal bases for data processing

Greater harmonisation is needed around the interpretation of ‘legitimate interest’ as a legal basis for personal data processing, to ensure its appropriate application across different frameworks and reduce consent fatigue among data subjects.

5. Alignment between the GDPR and the ePrivacy directive

With the withdrawal of the ePrivacy Regulation, Esomar recommends a revised framework that harmonises the GDPR with the outdated ePrivacy Directive, especially regarding consent and exemptions for audience measurement in research. Alignment between these two frameworks would support responsible data use and enhance legal certainty.

6. Alignment between the GDPR and the EU AI act

As the EU AI Act progresses towards implementation, it is important to reconcile the GDPR’s principle of data minimisation with the need for sufficient, representative datasets to ensure fairness and mitigate bias, as required by the EU AI Act. While data minimisation remains a foundational privacy safeguard, it must be balanced with other data practices’ principles, such as fairness, transparency, and accountability, whose successful implementation requires access to adequate data.

7. Support for SMEs in the AI landscape

The growing concentration of AI capabilities among a few, large providers risks marginalising smaller market players, such as SMEs within the research and insights ecosystem. Recognising the unique challenges faced by SMEs, Esomar advocates for proportionate accountability obligations in the AI Act, targeted exemptions, and simplified procedures for SMEs, recognising their lower risk profile and limited AI literacy. Formal recognition of self-regulatory tools, such as the ICC/ESOMAR International Code of Conduct, would further allow to demonstrate compliance and maintain competitiveness within the European research landscape.

The EU’s digital simplification agenda is more than a regulatory clean-up; it’s a strategic enabler for innovation and competitiveness. Esomar’s recommendations aim to ensure that through a coherent and streamlined European digital framework the research and insights sector, its members and the overall community can continue to deliver high-quality, impactful insights that benefits citizens, businesses, and policymakers.