The Council of the European Union Issues Amendments to the Commission’s E-Privacy Regulation Proposal

The European Union has been undergoing deep change in its data protection framework over the past few years, which started with the passing of the General Data Protection Regulation (GDPR) in May 2016 (to take effect on 25 May 2018) to modernise the existing rules of the Directive 95/46/EC. The European Commission issued a draft E-Privacy Regulation on 10 January 2017, which aimed to replace the current E-Privacy Directive and align the text with the new requirements of the GDPR.

The proposed text of the E-Privacy Regulation has generated mixed reactions so far –– the advertising industry is on the frontline to have the Commission version modified as the current requirements are fairly strict (processing of electronic communications can only be based on necessity or consent of the end-user and direct marketing would mainly require opt-in.)

On the other hand, in an opinion released last April, the Article 29 Working Party has expressed four points of grave concern with regard to the tracking of the location of terminal equipment; the conditions under which the analysis of content and metadata is allowed; and the default settings of terminal equipment and software and with regard to tracking walls. The WP29 feels that the proposed Regulation would lower the level of protection enjoyed under the GDPR in those areas.

As part of the legislative process, the Council of the European Union issued on 8 September 2017 its proposed amended version of the E-Privacy Regulation proposal. The amended text focuses on the articles only, while recitals will be examined at a later stage.

The Council’s revised draft proposal specifies that “the revisions are based on the discussions held in the WP TELE (Working Party for Telecommunications and Information Society) meetings and on the written comments provided by delegations to date,” adding that many delegations are still in the process of analyzing the proposal.

Consequently, additional redrafts are to be expected. This first one “aims mainly at clarifying certain elements and outlining specific issues to be examined for the purposes of advancing the discussions on the file.”

The Council’s main changes concern the following:

The text of the proposal will be discussed article-by-article during upcoming WP TELE meetings on 19, 20, and 25 September. Delegates will be invited to express their views on the proposed changes, and will have a chance to raise further issues within each article and indicate their preferred solutions.

How OneTrust Helps

Evolving data privacy regulations create consistent challenges for website owners. EU cookie laws require organisations to inform website visitors about the data that’s being collected from them and to provide them with the choice over sharing their information.

OneTrust provides website owners with a transparent mechanism for obtaining required cookie consent from website visitors and respecting Do Not Track requests, helping organisations comply with EU cookie laws. Our comprehensive cookie compliance solution includes continuous website scanning against a 5.5M cookie database, flexible interface for managing visitor consent, and customisable visitor preferences center.