Tag Archives: ePrivacy Directive

New E-Privacy Proposal on the Horizon?

On December 3, 2019, the EU’s new Commissioner for the Internal Market, Thierry Breton, suggested a change of approach to the proposed e-Privacy Regulation may be necessary.  At a meeting of the Telecoms Council, Breton indicated that the Commission would likely develop a new proposal, following the Council’s rejection of a compromise text on November … Continue Reading

The Spanish Supervisory Authority Issues Guidance on the Use of Cookies

On November 8, 2019, the Spanish Supervisory Authority (“SA”) issued detailed guidance on cookies and similar technologies in collaboration with stakeholders in the ad industry, including Adigital, Anunciantes, AUTOCONTROL and IAB Spain. The guidance is divided in 4 chapters: Chapter 1: scope of the Spanish cookie rules (Art. 22 of Law 34/2002); Chapter 2: terminology … Continue Reading

German DSK publishes guidance on the applicability of the German Telemedia Act to telemedia services

On April 5, 2019, the association of German Supervisory Authorities for data protection (‘Datenschutzkonferenz’ or ‘DSK’) published a guideline regarding the applicability of the German Telemedia Act (‘TMG’) to telemedia services – including, for example, the use of website cookies for targeted advertising post-GDPR. The guideline aims to “clarify and concretize” a previous statement on … Continue Reading

EDPB Issues Opinion on the Interplay between the ePrivacy Directive and the GDPR

On March 12, 2019, the European Data Protection Board (“EDPB”) issued an opinion in response to a series of questions about the competences, tasks and powers of European supervisory authorities for data protection (“SAs”), when the processing of personal data triggers the material scope of both the ePrivacy Directive and the General Data Protection Regulation … Continue Reading

EU Advocate General Issues Opinion on Consent for Cookies and Intersection with the GDPR

On March 21, 2019, Advocate General Szpunar released his opinion in the Planet49 case, currently pending before the Court of Justice of the European Union (CJEU).  The case centers on the use of consent for the processing of personal data and consent for the use of cookies. Planet49 GmbH offered an online lottery service for … Continue Reading

Voice Technologies, Meet the EU E-Privacy Regulation

On January 12, the International Consumer Electronics Show (CES) in Las Vegas closed its doors for another year.  Each CES raises a new set of technology themes, ranging from robots to smart fridges — and this year, the winner was voice technologies.  Such technologies, while not entirely new, are now becoming mainstream:  sales of smart … Continue Reading

New Ruling in European Employee Monitoring Case

On September 5, 2017, the Grand Chamber of the European Court of Human Rights (“ECtHR”) issued its ruling on appeal in the case of Bărbulescu v. Romania, concerning alleged unlawful workplace monitoring of Mr. Barbulescu’s private communications. Overturning the ECtHR’s prior ruling in the case (covered by Inside Privacy here), the Grand Chamber held that … Continue Reading

CJEU Confirms That National Data Retention Laws May Only Be Adopted Where “Strictly Necessary”

On December 21, 2016 the Court of Justice of European Union (“CJEU”) issued its judgment in Joined Cases C-203/15 and C-698/15, Tele2 /Watson. The decision considered the legality of UK and Swedish laws permitting the generalized retention of communications metadata (for 6-12 months) for the purposes of prevention, detection or prosecution of crime (not necessarily … Continue Reading

European Commission Launches Consultation on Reform of the ePrivacy Directive

Following the expected approval of the final text of the General Data Protection Regulation (“GDPR”) in the European Parliament this week, the Commission is now turning its attention towards the ePrivacy Directive. On Monday (April 11, 2016), the Commission launched a public consultation to review and propose changes to the ePrivacy Directive (2002/58/EC).  (See the Commission’s … Continue Reading

Company Receives Record Fine from UK Regulator For Cold Calling

The UK’s data protection regulator, the Information Commissioner’s Office (“ICO”), has imposed a fine of £350,000 on Prodial Ltd (“Prodial”) for making over 46 million unsolicited automated telephone calls to generate leads in relation to payment protection insurance refunds.  This is the highest fine issued by the ICO to date.… Continue Reading

Data Breach Notification within 24 hours in the Electronic Communication Sector – An Example to Follow in the Reform of the EU Data Protection Directive?

Under the so-called e-Privacy Directive, providers of publicly available electronic communications services (primarily telecom providers and ISPs) are obliged to notify the competent national authorities and, in certain cases also the subscribers and individuals concerned, of personal data breaches. In order to ensure consistency in the implementation of this notification obligation by the EU Member … Continue Reading

ICO issues £440,000 fine to telecoms company for illegal direct marketing

On 28 November 2012, following an 18-month investigation, the UK Information Commissioner’s Office (ICO) announced that it had fined the joint owners of Tetrus Telecoms (Tetrus) a total of £440,000 under the Privacy and Electronic Communications Regulations (PECR).  The fine penalized Tetrus for sending millions of unsolicited text messages promoting opportunities to claim compensation for … Continue Reading

UK ICO Issues Updated Guidance on the Rules on Use of Cookies and Similar Technologies

On December 13, 2011, the UK data protection authority (the “ICO”) issued updated guidance on the new cookie rules (Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011) implemented as part of the review of the EU e-Privacy Directive.  The guidance is intended to help website operators and those using cookies understand how the rules … Continue Reading

The Article 29 Working Party and Breach Notification in the EU

The Article 29 Working Party recently released an opinion on data breach notification in the EU. The opinion addresses two main issues: Experience to date with the existing breach notification rules in the ePrivacy Directive. The breach notification obligation imposed by article 4.3-5 of the ePrivacy Directive (2002/58/EC) only applies to providers of electronic communications … Continue Reading

UK Information Commissioner Issues (Vague) Warning on Cookies

Since the 2009 amendments to Article 5(3) of the ePrivacy Directive (2002/58/EC) regarding cookies and consent, there has been considerable debate over what web sites and ad networks must do in order to deploy cookies lawfully, and over what constitutes informed consent from users (e.g., opt-in versus opt-out).  For a flavour, see the Article 29 Working Party Opinion 2/2010 on online behavioural … Continue Reading

ENISA report on data breach notifications in the EU

The EU’s ‘cyber security’ agency ENISA has issued a report on data breach notifications in the EU.  The report is in response to the 2009 amendments to the ePrivacy Directive requiring telecom and Internet service providers to issue notifications for personal data breaches, which Member States must transpose into national legislation by May 2011.  The … Continue Reading
LexBlog