Following the expected approval of the final text of the General Data Protection Regulation (“GDPR”) in the European Parliament this week, the Commission is now turning its attention towards the ePrivacy Directive.
On Monday (April 11, 2016), the Commission launched a public consultation to review and propose changes to the ePrivacy Directive (2002/58/EC). (See the Commission’s consultation questionnaire here, and background document here.) The consultation will run until 5 July 2016. After this period ends, the Commission will review responses and is likely to table a draft legislative proposal by the end of the year. This measure forms part of the Commission’s broader strategy to create a digital single market by reforming Europe’s technology laws.
The ePrivacy Directive sets out specific rules concerning the processing of personal data in the electronic communications sector that supplement the general European data protection framework (the same framework that will be revised by the GDPR). The ePrivacy Directive was originally introduced in 1995 and last updated in 2009. It is well known for a series of provisions, including the so-called “cookie rule” (a law that requires many websites to gather specific consent when using certain cookies and similar technologies); a data breach reporting requirement for regulated telecommunications companies; and a provision that bolsters the confidentiality of electronic communications.
The Commission has signaled that its consultation and legislative review of the Directive will focus on the following issues: ensuring consistency of ePrivacy rules with the GDPR; updating the scope of the ePrivacy Directive in light of changes in electronic communications; enhancing security and confidentiality of communications; and addressing inconsistent enforcement and fragmentation of ePrivacy-related rules at Member State level. The Commission background document also points to potential interest in re-visiting the 2009 cookie rule. The document states that: “The common practice of websites to deny access to those users who refuse to accept cookies (or other technologies) have generated critics that citizens do not have a real choice and that consent gives a false sense of protection.” It remains to be seen how the Commission intends to address this issue.