July 3, 2017

The report explains that the new e-Privacy proposal, together with the General Data Protection Regulation, seek to modernise the data protection legal framework across the EU. The proposed e-Privacy Regulation repeals the current e-Privacy Directive (2002/58/EC) in order to align its rules to those of the GDPR and to establish a legal framework, which takes account of the important technological and economic developments in the electronic communication sector since the adoption of the e-Privacy Directive in 2002. Accordingly, the proposed Regulation covers Over-The-Top providers as well as traditional telecoms providers. It also takes into account recent case law from the Court of Justice of the European Union.

The report finds that, although the new e-Privacy Regulation is not supposed to lower the level of protection afforded by the General Data Protection Regulation, it does in fact, in some areas, do exactly that. This has also been the finding of the Article 29 Data Protection Working Party and the European Data Protection Supervisor. The report therefore finds that the proposed text needs to be amended in order to ensure that it will deliver a high level of protection corresponding at least to that offered by the GDPR.

The report supports the extending of the scope of the Regulation to cover OTT providers. The proposal should, according to the report, not only apply to the use of electronic communications services and to information related to and processed by the terminal equipment of end-users, as well as to the software permitting end-users’ electronic communications, but also to the sending of direct marketing commercial communications and the collection of (other) information related to or stored in end users’ terminal equipment by third parties.

The report recommends amendments to various definitions, including “user” and “electronic communications metadata”.

The report also proposes several amendments to Article 6, providing for the conditions allowing the lawful interference with the right of confidentiality of communication in order to process electronic communications data in specific circumstances and under specific conditions.

The report welcomes the objective of the proposal to protect information stored in a user’s terminal equipment, from accessing it or installing or placing software or information without the consent of the user. However, the report finds that the proposed regime does not ensure a high enough level of protection. Accordingly, the report makes various amendments to Article 8 to bring it into line with the GDPR.

The report also recommends amendments are made to Article 10 (covering Do-Not-Track mechanisms) and to Article 16 (covering unsolicited communications for direct marketing purposes), as well as to the fines and sanctions regime, all in order to bring the proposal into line with the GDPR.

The rapporteur, Marju Lauristin, expects her proposals to form “a good basis for swift agreement in the European Parliament and negotiations with the Council in order to ensure that the legal framework is in place by 25 May 2018.” To access the report, click here.