The Council of the European Union (the Council) announced that its Member States have agreed on a final negotiating mandate for the revised ePrivacy Regulation, an agreement that signals the beginning of negotiations with the European Parliament on the final text of the Regulation. The Council outlined that the ePrivacy Regulation will cover electronic communications content and related metadata transmitted via publicly available services and networks, as well as ensure secure use of the Internet of Things (IoT). The agreed position also notes the circumstances in which service providers are permitted to process electronic communications data or have access to data stored on users’ devices.

Stay up to date with OneTrust DataGuidance: ePrivacy Regulation Portal

What is the ePrivacy Regulation?

The ePrivacy Regulation is a draft piece of EU legislation, designed to update requirements related to privacy and electronic communications and to harmonize them with the provisions of the GDPR. The ePrivacy Regulation will replace the Directive on Privacy and Electronic Communications (the ePrivacy Directive).

What is the Council’s Position on the ePrivacy Regulation?

The ePrivacy Regulation will cover electronic communications content transmitted using publicly available services and networks, and metadata related to the communication, which could include location information and the time of the communication. Notably, the Regulation will also cover machine-to-machine data that is transmitted via a public network, to ensure the protection of privacy rights and a secure IoT.

The Council also noted that users should have a genuine choice on whether they accept cookies or similar tracking technologies. Users should also be able to give their consent to the use of certain types of cookies via the whitelisting of particular providers in their browser settings. This aims to reduce cookie consent fatigue.

The Council’s position also outlines that consent may not be needed for certain processing of electronic communications data when the purpose of the processing is to ensure the integrity of communications services and check for malware or viruses.

Stay up to date with OneTrust DataGuidance: ePrivacy Regulation Portal

What’s Next for the ePrivacy Regulation?

Now that the Council has announced its agreed position on a negotiating mandate, the Portuguese Presidency of the Council will now begin negotiations with the European Parliament on the agreed text. The ePrivacy Regulation would enter into effect 20 days after being published in the EU Official Journal and would be enforceable two years later.

For more information on the ePrivacy Regulation check out the OneTrust DataGuidance portal.

Further ePrivacy Regulation reading: