European Commission Proposes New e-Privacy Regulation

• 12/01/2017
• Articles

On 10 January 2017, the European Commission proposed to replace the current Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (e-Privacy Directive) with a new Regulation (Proposed Regulation).

The Proposed Regulation will bring the current rules governing electronic communications in line with the General Data Protection Regulation (GDPR) and address sector-specific privacy-related issues such as secrecy of correspondence. As a Regulation, the rules will apply directly in all Member States, thus harmonising differences that currently exist in areas such as consent to the use of cookies.

The Proposed Regulation provides for a number of important changes to the current framework:

• The scope of the Proposed Regulation would include providers of communication services via Internet-based applications, the so called Over-the-Top communication services (e.g., Skype, WhatsApp). This is in contrast with the current e-Privacy Directive, which does not refer to providers of communications services;
• The Regulation would also address access to e-communication services by government agencies for surveillance and monitoring;
• The rules on cookie consent would be updated: analytics cookies may be exempted from the requirement to obtain consent, and if such consent would still be required, it would be possible to obtain same through browser settings; and
• The fines and enforcement provisions are updated in line with the GDPR.

If the rules were to be adopted as proposed by the European Commission, they would enter into force on the same date as the GDPR, i.e., on 25 May 2018. Whether this timing is met will depend on the review of the Proposed Regulation in the European Parliament.

The full text of the Proposed Regulation can be consulted here.