ePrivacy Regulation Update – February 2020
After the Finnish presidency’s sterling, but ultimately fruitless efforts to achieve agreement on the ePrivacy Regulation, the Croatian presidency is facing a formidable task.
The Croatians are hoping to break the deadlock on progress which has frustrated efforts to reach consensus since the first draft of the regulation was published in January 2017.
ePrivacy Regulation – What is it?
Just to recap, the aim of the ePrivacy Regulation is to overhaul the EU ePrivacy Directive. This gave us the UK’s Privacy and Electronic Regulations (known as PECR). The desire is to update the rules to reflect significant technological developments and ensure alignment with GDPR. As a regulation, not a directive, the hope is for harmonisation across EU member states. Less room for individual member states to interpret the rules differently.
What’s the latest?
On 21st January there was a meeting of the LIBE committee (of the Council of the EU). The Croatian minister Josip Bilaver, addressed MEPs and highlighted the key outstanding areas which he summarised as being:
- the relationship between ePrivacy and GDPR as well as the scope of the ePrivacy
- the legal grounds to process data and metadata from electronic communication
- the issue of access to website content dependant on consent to cookies
- the fight against child imagery online
- the fight against online fraud
The Croatians have set out their intended approach which aims to strike the right balance between protecting privacy and enabling economic growth, innovation and development.
Given the EU’s ambition for 5G, and artificial intelligence, an ePrivacy Regulation that enables innovation is especially important. Mr Bilaver struck a cautionary note;
“Finding the right formula is hard. Given that the past 7 presidencies have not be able to find a solution, it is presumptuous to say that Croatia will find a solution, but we will work hard in that direction.”
The next step will be for the Croatian Presidency to present a new proposal for discussion at the next meeting of the EU’s Telecommunications Working Group.
However, even before the Croatians have had chance to present their proposal, MEPs from Germany and Holland have challenged the direction of travel. FEDMA summarised this in their latest update report.
Arguments centre around a belief the ePrivacy text is not the right place to introduce new provisions surrounding matters such as data retention. Furthermore, both Dutch and German MEPs are pressing for a pro privacy protection stance. There’s opposition to any potentially commercially-driven watering down of the protection of citizen’s privacy. An overwhelming concern is lack of progress.
The Commission of the EU declined to respond to the challenge about the lack of progress. However, Peter Eberl, Deputy Head of Unit Cybersecurity and Digital Privacy, reiterated the importance the ePrivacy legislation. He confirmed the Commission is going to work hard with the other institutions to finalise the Regulation, quashing rumours of a repeal of the text.
Views of the different stakeholders in this ongoing debate appear to remain polarised. The Croatians will need to overcome a huge challenge in order to harmonise views and achieve agreement on a common approach. We’ll have to sit tight and watch how the journey to a final ePrivacy Regulation proceeds.
A further consideration is Brexit. While most believe the UK will adopt a finalised ePrivacy Regulation into UK Law, nothing is certain.
DPN Deputy Chair & Senior Associate, Opt-4
Help is at hand
Do you need support assessing the potential impact of the ePrivacy Regulation on your business? Opt-4 is on standby to help with this an any other pressing data protection issues you might be facing.
Email us: firstname.lastname@example.org or telephone: 020 3858 9614
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.