The landscape of digital privacy in both Europe and Vietnam is on the verge of significant transformation as lawmakers and regulators grapple with the challenges of protecting personal data in an age of relentless technological change. From Brussels to Hanoi, the debate over how best to safeguard sensitive information—while supporting innovation and economic growth—has reached a new level of urgency, with reforms and new regulations now poised to reshape the rules of the digital road.
In Europe, the omnipresent cookie consent banners that have blanketed the internet for more than a decade may soon become a thing of the past. According to reporting from Cafef, the European Commission is actively considering a major overhaul of privacy regulations related to cookies, aiming to cut through the administrative red tape that has, in many ways, backfired. The 2009 e-Privacy Directive, which requires websites to obtain explicit user consent before setting cookies—except for those deemed “strictly necessary”—was intended to empower users. Yet, after 16 years, it has arguably achieved the opposite. Internet users across the continent have become so accustomed to the constant barrage of consent requests that most now click “accept” without a second thought.
Legal expert Peter Craddock summed up the problem succinctly: “Too much consent kills the very meaning of consent. Users have become used to accepting everything, leading to their choices losing real significance.” This sentiment is echoed by many in the digital industry, who argue that the current system is not just ineffective but also stifling for businesses and frustrating for users.
Change is on the horizon. The European Commission has announced plans to publish a comprehensive “summary” document in December 2025 that will propose eliminating some of the more burdensome requirements for the tech sector. Among the ideas under discussion are allowing users to set their cookie preferences just once in their browser—rather than on every website—and expanding exemptions for cookies that serve only technical or basic statistical purposes. Denmark, which currently holds the rotating presidency of the EU Council, has already proposed removing consent requirements for cookies used for these low-risk functions.
The digital industry, for its part, wants to see cookie regulation moved under the umbrella of the General Data Protection Regulation (GDPR). As reported by Cafef, proponents argue that GDPR’s risk-based approach is more flexible and offers greater legal certainty, allowing businesses to rely on “legitimate interest” as a legal basis for certain data processing activities. But privacy advocates are wary. Loosening the rules, they warn, could open the door to covert advertising tracking and undermine hard-won privacy rights.
Itxaso Dominguez de Olazabal, an expert at European Digital Rights, noted, “The current law already allows exceptions for necessary cookies, such as remembering products in a shopping cart. Expanding exceptions to other forms of ‘essential’ tracking could legitimize covert advertising technologies.” This tension—between streamlining user experience and maintaining robust privacy protections—has stymied reform efforts before. In fact, the proposed e-Privacy Regulation, introduced back in 2017, was withdrawn earlier this year after EU member states failed to reach consensus.
Observers expect the debate to intensify in 2026, when the European Commission is set to introduce the Digital Fairness Act, a new piece of legislation that will focus on shielding consumers from manipulative or opaque advertising. The challenge for EU policymakers, experts say, is to strike a balance between individual privacy and the competitiveness of Europe’s digital economy. While many users are eager to see an end to the endless parade of cookie pop-ups, privacy advocates caution that any relaxation of the rules must be carefully considered to avoid eroding fundamental rights.
Meanwhile, on the other side of the world, Vietnam is moving forward with its own comprehensive approach to personal data protection. The Ministry of Public Security has drafted a detailed decree under the country’s Personal Data Protection Law, placing special emphasis on sensitive personal data such as banking transaction records and credit information. As outlined by Cafef, the draft decree draws a clear distinction between basic personal data—such as biographical information used in everyday transactions—and sensitive personal data, which includes everything from biometric and genetic information to criminal records and financial details.
Under the draft, any organization or individual that stores or processes sensitive financial data must notify the “data owner” within 72 hours of detecting a leak or loss of information. This is a significant departure from existing regulations, which lack a specific notification deadline and have sometimes led to delayed responses and increased risk for consumers. The decree also mandates that financial institutions protect personal data according to international standards, conduct annual compliance reviews, and maintain detailed logs of all data processing activities.
Vietnamese authorities are acutely aware that personal data has become a critical resource for digital transformation, economic development, and the building of a digital society. The rapid growth of infrastructure and the advent of technologies such as big data analytics, artificial intelligence, cloud computing, blockchain, and the metaverse have only increased the importance—and the vulnerability—of personal information. Despite these advances, data leaks and theft remain common, often due to limited awareness and inadequate protections.
As Cafef reports, some businesses have been found collecting customer data and then allowing third-party partners access without sufficient regulation. In some cases, companies have even built up “data warehouses” for the explicit purpose of selling both raw and processed personal data. This has led to growing calls for not only stricter enforcement but also a cultural shift toward greater respect for privacy and clearer accountability for organizations that handle sensitive information.
The Ministry of Public Security has made it clear that the new decree is intended to flesh out key provisions of the Personal Data Protection Law, providing practical guidance and strengthening the legal framework for personal data protection. The goal, officials say, is to enhance Vietnam’s ability to protect personal data to international standards, ensure compliance, and promote the lawful use of data for economic and social development.
Both Europe and Vietnam now face the same fundamental dilemma: how to protect individual privacy in an era when personal data has become the lifeblood of the digital economy. The solutions may differ in their details, but the stakes are the same. As regulators and lawmakers on both continents push forward with reforms, the outcome will shape not only the future of privacy but also the contours of digital life for millions.
With new laws and proposals on the table, the coming years will reveal whether these efforts can deliver the elusive balance between innovation and privacy—or simply add new layers of complexity to an already tangled web.
