The E-Privacy Regulation: light at the end of the tunnel?
18/02/2021

On 10 February 2021, after years of failed attempts, the Council of the European Union finally agreed on a negotiating mandate for the E-Privacy Regulation (the Mandate). The Mandate enables the Portuguese presidency to start discussions with the European Parliament in order to reach a consensus on the legislation that should replace the existing ePrivacy Directive (Directive 2002/58/EC, which is nearly 20 years old) and should particularise and complement the GDPR with rules on the protection of privacy and confidentiality in the sector of electronic communications.

The Mandate contains a proposal for an E-Privacy Regulation that is over 80 pages long (the E-Privacy Proposal). Please find below some key takeaways.

1.  Under the Mandate, the E-Privacy Proposal will apply to end-users in the European Union. In this regard – and in contrast to the GDPR – it should be noted that end-users can be both natural and legal persons.

2.  The E-Privacy Proposal covers electronic communications data, which includes both electronic communications content and electronic communications metadata (such as data used to trace and identify the source and destination of a communication, data on the location of the device, data on the date, time, duration and type of the communication, etc.). 

As a main rule, electronic communications data shall be confidential. Any interference with electronic communications data, including listening, tapping, storing, monitoring, scanning or other types of interception, surveillance and processing of such data, by anyone other than the end-users concerned, shall be prohibited, except when expressly permitted by the E-Privacy Proposal. 

The E-Privacy Proposal allows such processing of electronic communications data without the consent of the end-user(s) in certain specific circumstances, for instance if it is necessary to maintain the integrity of communications services, to detect malware or viruses, or in cases where the service provider is bound by Union or Member States law on the prosecution of criminal offences or the safeguarding of public security. 

Additionally, the E-Privacy Proposal provides for a wide range of permitted uses for electronic communications metadata and even allows such metadata to be processed for purposes other than those for which it was initially collected (in certain cases and under certain circumstances).

3.  The E-Privacy Proposal also aims to protect the end-user’s terminal equipment, considering such terminal equipment may store highly personal information (e.g., videos, pictures or contact information). Consequently, the use of processing and storage capabilities and the collection of information from end-user's terminal equipment will only be allowed with the end-user's consent or for certain specific and transparent purposes laid down in the E-Privacy Proposal. 

4.  Moreover, the E-Privacy Proposal tries to tackle information fatigue (which is a common issue as a result of the broad range of transparency obligations under the GDPR). The E-Privacy Proposal establishes that (cookie) consent can be expressed "by using the appropriate technical settings of a software application enabling access to the internet placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet". Hence, the E-Privacy Proposal allows end-users to whitelist one or several providers in their browser settings. 

Note that the E-Privacy Proposal includes several other rules on important topics, such as unsolicited and direct marketing (need to obtain the prior consent of the end-user except in case of existing client for similar services, namely the exception we already know under Belgian law) and public directories. 

Even though the Mandate is an important milestone in the legislative process, the saga is far from over. Some data protection experts (e.g. Prof. Ulrich Kelber, German Federal Commissioner for Data Protection and Freedom of Information) have already criticised the E-Privacy Proposal, stating that it would be a serious blow to data protection. 

Moreover, the Mandate provides that the E-Privacy Proposal shall not be applicable until 24 months after its entry into force (i.e., 2023 at the earliest).

To be continued. 

Zie ook : Lydian ( Ms. Olivia Santantonio ,  Mr. Bastiaan Bruyndonckx ,  Mr. Ruben Van Breugel )

[+ http://www.lydian.be]

Ms. Olivia Santantonio Ms. Olivia Santantonio
Counsel
[email protected]
Mr. Bastiaan Bruyndonckx Mr. Bastiaan Bruyndonckx
Partner
[email protected]
Mr. Ruben Van Breugel Mr. Ruben Van Breugel
Associate
[email protected]

Laatste artikels van Ms. Olivia Santantonio

CJEU clarifies competence of non-lead supervisory authorities in cross-border GDPR infringements ...
21/06/2021

On 16 February 2018, the Brussels Court of First Instance condemned Facebook, including Facebook Ireland Limited and Faceb...

Read more

World Anti-Counterfeiting Day: Fighting fake goods remains a priority
08/06/2021

Today is the World Anti-Counterfeiting Day. The day on which we recognize the hard work necessary to stop the manufacture,...

Read more

Data transfer tool – Adoption of new sets of Standard Contractual Clauses
08/06/2021

In the absence of an adequacy decision or derogations, undertakings may only transfer personal data outside the European E...

Read more

Belgian DPA’s Litigation Chamber publishes procedural rules
30/01/2021

As we found out last year, data protection remains on the rise. In the meantime, many data subjects found their way to the...

Read more

Laatste artikels van Mr. Bastiaan Bruyndonckx

CJEU clarifies competence of non-lead supervisory authorities in cross-border GDPR infringements ...
21/06/2021

On 16 February 2018, the Brussels Court of First Instance condemned Facebook, including Facebook Ireland Limited and Faceb...

Read more

Checklist voorbereiding en implementatie procedure klokkenluiders
14/06/2021

Werknemers spelen als klokkenluider een sleutelrol bij het onthullen en voorkomen van inbreuken op belangrijke wetgeving d...

Read more

Data transfer tool – Adoption of new sets of Standard Contractual Clauses
08/06/2021

In the absence of an adequacy decision or derogations, undertakings may only transfer personal data outside the European E...

Read more

The Belgian DPA approved the EU Cloud Code of Conduct for cloud service providers acting as a pro...
03/06/2021

On 20 May 2021, the Belgian Data Protection Authority (hereinafter DPA) has approved the first transnational code of ...

Read more

Laatste artikels van Mr. Ruben Van Breugel

To what extent can artists use trademarks in their works?
15/11/2019

The Benelux Court of Justice (“BCJ”), an international court composed of magistrates from the highest courts o...

Read more

LexGO Network