Council sets out its position on the ePrivacy Regulation
After years of discussions, the EU member states today agreed on a common position in the Council regarding the ePrivacy Regulation. Now the trialogue with the European Parliament can begin.
The ePrivacy Regulation in detail
The aim of the ePrivacy Regulation is to protect privacy and confidentiality when using electronic communications services. The existing ePrivacy Directive from 2002 is repealed. The planned ePrivacy Regulation supplements the GDPR and provides for special regulations for the protection of privacy in the digital world.
For four years now, the member states have been working on getting the regulation off the ground. The Council’s new draft, for example, proposes to process metadata of users without their explicit consent. In addition, a national security and defense exception should apply to all provisions, he said. The European Parliament, on the other hand, had already committed itself to its – significantly stricter – position nine months after the EU Commission presented the draft regulation. The final text must now be negotiated by the EU member states with the Commission and Parliament.
BfDI criticizes position of the Council
The BfDI notes considerable risks to data protection in the agreement between the member states. In this context, it criticizes the following points in particular:
- Re-introduction of data retention
- Admissibility of “cookie walls
- Lack of guarantees for users
- Right to object and data protection impact assessment deleted
- Recourse to the guarantees of the GDPR excluded
- Personal data may be processed for other purposes without the consent of the user.
Consideration of the interests of the advertising industry required
In the trilogue negotiations, the Council and the European Parliament are called upon to reconcile the concerns of the advertising industry with the interests of consumers in protecting their data in the digital world. It is of little help to confront the European advertising industry with overly strict requirements, so that in the end only large U.S. service providers can expand their market power. It remains to be seen whether those involved will succeed in this task.
The Council’s draft is available here.