In a bid to find consensus the European Commission has announced it’s preparing a revamped ePrivacy proposal. This follows the recent rejection by EU member states of the current draft of the ePrivacy Regulation, crafted by the Finnish Presidency.
On 3rd December, EU Internal Market Commissioner, Thierry Breton, announced that a new proposal will be put on the table with the aim of reaching an agreed position across all member states. Mr Breton stressed the work done so far would not be in vain and the process would not start completely “from scratch”.
The Finnish Presidency, which runs until the end of December, had tried to break the deadlock on the ePrivacy journey by introducing a number of proposed amendments. (They really can’t be criticised for a lack of persistence – in their attempts to find consensus they presented compromise texts to the Telecommunications and Information Services working party no less than ten times!). But all seemingly to no avail, when in late November EU member state representatives voted against the Finnish draft.
The result of this vote was perhaps unsurprising as the Finns had reported that discussions under their presidency “revealed different views and priorities among member states on several aspects of the proposal.”It’s understood incompatibility with GDPR, cookie tracking, consent requirements and processing electronic communications data by third parties were amongst a number of areas of disagreement. This alongside “the need not to undermine existing business models” which seems to allude to activities such as programmatic advertising and real time bidding (areas which have been the focus of much discussion by the ICO in the UK).
The news of an imminent revamped proposal is likely to be welcomed by FEDMA and other trade bodies, who’ve being raising concerns and calling for revisions. It may also go some way to assuage critics such as Diego Naranjo, Head of Policy at European Digital Rights who expressed disappointment at the rejection of the Finnish draft; “By first watering down the text and now halting the ePrivacy Regulation, the council takes a stance to protect the interests of online tracking advertisers and to ensure the dominance of big tech. In this era of disinformation and privacy scandals, refusing to ensure strong privacy protections in the ePrivacy Regulation is a step backward for the EU.”
What next for ePrivacy?
In 2020 the European Commission will present its new proposal for consideration under the Croatian Presidency who will pick up the baton for the first half of the year, followed by the German six-month presidency.
As time has gone on, the requirements of the scope of an ePrivacy Regulation seem to have shifted and the European Commission appear to have recognised that a more significant overhaul is required. There have been are calls for a more flexible risk-based approach which could work now and into the future as technology continues to develop. It will be interesting to see if the European Commission’s revemap can achieve that. If the Commission’s new proposal can reflect the range of opinions across EU members states, agreement may finally be possible. But don’t hold your breath.
For the time being, the rules across the EU surrounding the privacy of data being communicated electronically will remain a mix of different national interpretations of the ePrivacy Directive, which businesses will have to continue to fathom.
Debbie McElhill, December 2019
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.