03 Apr 2017

DIGITALEUROPEs initial views on the European Commissions proposal for an ePrivacy Regulation final

DIGITALEUROPEs initial views on the European Commissions proposal for an ePrivacy Regulation final

OVERALL VIEWS

The ePR will have far reaching effects on how electronic communications and many online services operate in the EU. The Regulation will extend obligations that are significantly more stringent than what currently apply to telecom operators to all over-the-top (“OTT”) communications services, machine-to-machine (“M2M”) applications, and content services with communications capability such as video games, dating apps and ecommerce sites with built-in chat features. It will also require browsers, mobile apps and many other types of software enabling electronic communications to obtain end-users’ opt-in consent upon installation, effectively disregarding other legal bases for data processing. Such a wide extension of both scope and the nature of the obligations will have a significant impact on all industry sectors relying on data driven innovation.

While we recognise the importance of the confidentiality of communications as a component of the right to respect for one’s private and family life, it is not clear what is so specific about the sectors covered by this Regulation that requires a standalone instrument independent from the horizontally applicable GDPR. The GDPR includes both an explicit ‘integrity and confidentiality’ principle and implicit confidentiality protections in the grounds for processing personal data. Moreover, the GDPR is technology and sector neutral, determines safeguards and requirements according to the risk presented and makes a specific distinction for high-risk data. Other sectors are arguably processing more sensitive data – such as healthcare or finance – but are quite rightly determined to be sufficiently covered by the general framework.

We would also like to recall that the Charter of Fundamental right treats the right to privacy and the protection of personal data and the right to the confidentiality of communication as equally important rights. It is thus unclear why the protections afforded by the GDPR are considered insufficient and require a significant rewrite in the ePR proposal.

We believe the proposed ePR should be withdrawn and the current ePrivacy Directive (“ePD”) be repealed.

Back to Data privacy
View the complete Policy Paper
PDF
Our resources on Data privacy
20 Nov 2024 Policy Paper
Legitimate interest: One of six legal bases to process personal data
09 Sep 2024 Policy Paper
First review of the EU-US Data Privacy Framework
19 Jun 2024 Publication & Brochure
The EU's Critical Tech Gap: Rethinking economic security to put Europe back on the map
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.
Decline
Accept