On December 3, 2019, the EU’s new Commissioner for the Internal Market, Thierry Breton, suggested a change of approach to the proposed e-Privacy Regulation may be necessary.  At a meeting of the Telecoms Council, Breton indicated that the Commission would likely develop a new proposal, following the Council’s rejection of a compromise text on November 27.

The proposed Regulation is intended as a replacement to the existing e-Privacy Directive, which sets out specific rules for traditional telecoms companies, in particular requiring that they keep communications data confidential and free from interference (e.g., preventing wiretapping).  It also sets out rules that apply regardless of whether a company provides telecoms services, including restrictions on unsolicited direct marketing and on accessing or storing information on users’ devices (e.g., through the use of cookies and other tracking technologies).

Substantively, the proposed Regulation aims to extend the rules that currently apply specifically to telecoms companies to “over-the-top” service providers.  Initial versions included stringent restrictions on when electronic communications data (including both content and metadata) could be used without consent, which was the subject of significant debate and disagreement.  Despite proposals from both the European Commission and Parliament, negotiations on a Council proposal have been in deadlock for more than two years, culminating in the rejection of the Finnish Presidency’s text after substantial, but ultimately unsuccessful, efforts to find agreement.

The Council has released a progress report, noting the areas on which agreement could not be reached, including:

  • The scope of the Regulation, particularly its application to processing of electronic communications data by end-users of a service or by entrusted third parties who might receive that data.
  • The appropriate solution to allow the processing of electronic communications data for the purposes of prevention of child abuse imagery.
  • Whether an exception should be included to permit the processing of electronic communications data for the prevention of other serious crimes, in particular terrorism.
  • The appropriate rules for storing or accessing information on users’ devices, which should protect existing business models and also respect the GDPR’s rules. For example, there was disagreement around whether giving consent to the use of cookies or other tracking technologies could be a condition of access to a website or service.
  • How to facilitate effective cooperation between national supervisory authorities, and what role the European Data Protection Board should have.
  • How the proposed Regulation will operate in relation to new technologies, particularly machine-to-machine and Internet of Things services.

Following the Council’s failure to agree a proposal and in light of the installation of the new Commission, questions were asked about the viability of the current proposals.  Although Breton later stated to the press that all options remain on the table, including continuing with negotiations on those existing proposals and taking into account agreed elements of the current proposal successes, his statement suggests that the Commission ultimately may reconsider the approach to e-Privacy.  It remains to be seen, and we will continue to monitor, exactly how any new approach will address the concerns raised in the Council and be reconciled with the views of the European Parliament.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lisa Peets Lisa Peets

Lisa Peets leads the Technology Regulatory and Policy practice in the London office and is a member of the firm’s Management Committee. Lisa divides her time between London and Brussels, and her practice embraces regulatory counsel and legislative advocacy. In this context, she…

Lisa Peets leads the Technology Regulatory and Policy practice in the London office and is a member of the firm’s Management Committee. Lisa divides her time between London and Brussels, and her practice embraces regulatory counsel and legislative advocacy. In this context, she has worked closely with leading multinationals in a number of sectors, including many of the world’s best-known technology companies.

Lisa counsels clients on a range of EU law issues, including data protection and related regimes, copyright, e-commerce and consumer protection, and the rapidly expanding universe of EU rules applicable to existing and emerging technologies. Lisa also routinely advises clients in and outside of the technology sector on trade related matters, including EU trade controls rules.

According to the latest edition of Chambers UK (2022), “Lisa is able to make an incredibly quick legal assessment whereby she perfectly distils the essential matters from the less relevant elements.” “Lisa has subject matter expertise but is also able to think like a generalist and prioritise. She brings a strategic lens to matters.”

Photo of Paul Maynard Paul Maynard

Paul Maynard is an associate in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online…

Paul Maynard is an associate in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online platforms. He also advises clients on how to respond to law enforcement demands, particularly where such demands are made across borders.

Paul advises emerging and established companies in various sectors, including online retail, software and education technology. His practice covers advice on new legislative proposals, for example on e-privacy and cross-border law enforcement access to data; advice on existing but rapidly-changing rules, such the GDPR and cross-border data transfer rules; and on regulatory investigations in cases of alleged non-compliance, including in relation to online advertising and cybersecurity.

Photo of Sam Jungyun Choi Sam Jungyun Choi

Sam Jungyun Choi is an associate in the technology regulatory group in the London office. Her practice focuses on European data protection law and new policies and legislation relating to innovative technologies such as artificial intelligence, online platforms, digital health products and autonomous…

Sam Jungyun Choi is an associate in the technology regulatory group in the London office. Her practice focuses on European data protection law and new policies and legislation relating to innovative technologies such as artificial intelligence, online platforms, digital health products and autonomous vehicles. She also advises clients on matters relating to children’s privacy and policy initiatives relating to online safety.

Sam advises leading technology, software and life sciences companies on a wide range of matters relating to data protection and cybersecurity issues. Her work in this area has involved advising global companies on compliance with European data protection legislation, such as the General Data Protection Regulation (GDPR), the UK Data Protection Act, the ePrivacy Directive, and related EU and global legislation. She also advises on a variety of policy developments in Europe, including providing strategic advice on EU and national initiatives relating to artificial intelligence, data sharing, digital health, and online platforms.