On 15 May 2017, the Council of the European Union published its progress report (the "Report") on the first draft of the ePrivacy Regulation (the "Draft Regulation").
The Draft Regulation focuses on the processing of personal data and protection of privacy in electronic communications. Among other areas, it covers direct marketing, cookies and other forms of online tracking; principally seeking to bring e-privacy law up to date with the "evolution of technological and market reality" and align the law with the incoming EU General Data Protection Regulation ("GDPR"). It was published by the European Commission in January of this year and is expected to replace the existing Privacy and Electronic Communications Directive (the "ePrivacy Directive").
The Report's main focus is a summary of comments made by delegations during a line-by-line examination of Articles 1-8 of the Draft Regulation in meetings of the Working Party on Telecommunications and Information Society ("WP TELE") held on 29 March and 3 May 2017. The WP TELE is made up of experts from each EU member state and "handles internal and external policy issues related to information and communication technologies and infrastructure, internet and the creation of the digital single market in Europe".
On the whole, delegations welcomed the Draft Regulation and accompanying impact assessment (which is carried out on initiatives expected to have significant economic, social or environmental impact). However they also warned that the introduction of a regulation (as opposed to a directive) demands a higher level of scrutiny of the text, and consider the proposed date of application of 25 May 2018 (to align with the GDPR coming into force) to therefore be unrealistic. General concerns raised include:
- Overlap with other legislation - the need for a more detailed examination of possible overlaps with other legislation (in particular the GDPR and the proposal on the European Electronic Communications Code)
- National data protection authorities - a lack of evidence that the appointment of national data protection authorities as supervisory authorities would solve the problem of inconsistent implementation and enforcement across the EU
- Scope – the need for a more detailed explanation of which organisations fall within the extension of scope to over-the-top players and providers of "ancillary services"
- Confidentiality of electronic communications - deviance from the equivalent provisions in the former ePrivacy Directive was flagged by some as a cause for concern, while others fear that the provisions may be too broad and general
- Protection of information stored in or emitted by end-users' terminal equipment - further clarification on "cookies", "device tracking" and other exceptions is also sought
Some of the concerns raised by the WP TELE reiterate those raised by the opinions of the Article 29 Working Party and the European Data Protection Supervisor, (both published in April 2017) – for example the interaction of the regulation with the GDPR and the need for greater explanation on the expansion of the scope.
Future WP TELE meetings will analyse the remainder of the Draft Regulation, with the aim of finalising the first examination by the end of the Maltese Presidency of the Council of the EU in June 2017.
Click here to view the EU Council's Progress Report.
Click here to view the Article 29 Working Party opinion.
Click here to view the European Data Protection Supervisor opinion.