E-Privacy – The European Commission Issues a Proposal for a New Regulation

By Maria Sturm

On 6 May 2015, the European Commission issued a communication with the title “A Digital Single Market Strategy for Europe” to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. This digital single market strategy is comprised of three main pillars:

  1. Better access to online goods and services for consumers and businesses across Europe.
  2. Creating the right conditions for digital networks and services to flourish.
  3. Maximizing the growth potential of the European Digital Economy.

The second pillar includes the goal of creating new possibilities to process communication data and to reinforce trust and security in the Digital Single Market[1]. Therefore, in January 2017, the EU Commission issued a proposal for a “Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications)”. A study was conducted on behalf of the EU Commission to evaluate and review Directive 2002/58/EC. The most important findings of the study were:

  1. The Member States transposed the directive in very different ways. This uneven transposition led to legal uncertainty and an uneven playing field for operators.
  2. This fragmented implementation leads to higher costs for businesses operating cross-border in the EU.
  3. New means of communication (e.g. WhatsApp) are not covered by the directive. This means that EU citizens enjoy a different level of protection, depending on which communications tools they use.

Based on these findings, the new proposal seeks to keep up with the pace of the fast developing IT-services. The data business is an important economic actor, which creates a lot of workplaces. This sector needs to be able to use data and make it available. But on the other hand, consumer protection and privacy, as emphasized in Art. 7 of the Charter of Fundamental Rights of the EU, are important in establishing and maintaining trust in the digital single market. Thus, the proposal aims to strike the right balance between the expectations of businesses and the expectations of consumers, and to establish a framework for more security on both sides.

The focal points of the proposal are:

  1. The directive will be replaced by a regulation to create an even playing field for operators across the EU. While a directive needs to be transposed by each single Member State, the regulation becomes immediately enforceable.
  2. The proposal covers new means of communication, such as instant messaging or VoIP telephony[2], the so-called “Over-the-Top communications services”. It therefore guarantees the same level of confidentiality no matter whether a citizen of the EU uses a new communication system or makes a “traditional” phone call.
  3. New business development opportunities can emerge, because once consent is given, communication data can be used to a greater extent.
  4. Cookie-rules, which today are cumbersome and result in an overload of consent requests, will be streamlined and made more user-friendly.
  5. Spam protection will be increased.
  6. Enforcement will be delegated to national data protection authorities, which are already responsible under the General Data Protection Regulation. This makes enforcement more effective.

The proposal attacks directly the problems and issues detected by the study on Directive 2002/58/EC and aligns the ePrivacy legislation with the General Data Protection Regulation of April 27, 2016 (see also TTLF Newsletter of February 3, 2017). There may be further changes made to the proposal during the rest of the discussion. It remains to be seen exactly what those developments will entail. However, it is a given that the current legislation on privacy and electronic communication is fragmentary and needs to adapt to new electronic evolutions and needs.

[1] European Commission, Press Release IP-17-16.

[2] Voice over Internet Protocol.

Advertisements