31 Oct 2016

DIGITALEUROPE views on the Review of the ePrivacy Directive

DIGITALEUROPE views on the Review of the ePrivacy Directive


DIGITALEUROPE as the voice of Europe’s digital technology industry welcomes the opportunity to work closely with the EU Institutions as they review and assess the ePrivacy Directive (“ePD”). Our members are committed to the highest standard of data protection, privacy, security and integrity of the digital ecosystem. However, for Europe to attract and sustain the world’s best technology companies that can contribute to a strong digital economy, businesses need a regulatory environment which is not only predictable, but avoids unnecessary burdens and overlaps with existing legislation. As the EU Institutions continue to understand and consider the future role of the ePD, DIGITALEUROPE believes any future actions by policy makers should take into consideration the following:

1. The Future of ePrivacy – The priority of the review should be to achieve simplification of the legal framework and consistency with other legal instruments. To the extent that any of the provisions of the ePD are still necessary, these could be integrated into other legal instruments, such as the European Electronic Communications Code.

2. Scope – The potential extension of scope to cover OTTs, IoT devices, and M2M communications is not necessary to ensure the appropriate level of protection for consumers.

3. Security – The security provisions under the GDPR have the exact same objectives as the ePD. Keeping Article 4 or any version of this provision would only duplicate existing requirements.

4. Traffic & Location Data – Maintaining a separate set of rules on traffic and location data and extending it to some new services would considerably increase legal uncertainty, as two sets of regulatory requirements would be now applicable to the exact same data sets.

5. Ensuring Confidentiality of Communications – A more focused approach on confidentiality requirements is needed when considering the practical implications on network operators and providers of services who rely on third party connections. If a broad expansion of confidentiality occurs, derogations must be provided to allow for legitimate activities of service providers.

6. Confidentiality & Law Enforcement – The right to the confidentiality of communication should not only apply to the commercial context alone. The protection granted by the Charter is universal and should also be ensured in the law enforcement and national security context. Any mandate requiring service providers to reverse engineer, provide back doors and any other measures to weaken their security/encryption measures should be explicitly prohibited.

7. Device Data (including “Cookies”) – Any suggestions that would seek to prohibit businesses from preventing access to their services if the user refuses to accept a cookie must be avoided. This would not only disproportionately interfere with the freedom to conduct a business and the freedom of contract, but also undercut the EU’s competitiveness in the data-driven and knowledge-based digital economy.

8. Enforcement – Enforcement powers should be conferred on the public agency that is the most competent in the matter at hand. Issues related to personal data should solely be dealt with by national data protection authorities.

Back to Data privacy
View the complete Policy Paper
Our resources on Data privacy
Policy Paper 17 Sep 2020
DIGITALEUROPE response to the European Data Protection Board’s consultation on the Guidelines 6/2020 on the interplay of the PSD2 and the GDPR
Policy Paper 31 Aug 2020
An early analysis of Schrems II – key questions and possible ways forward
Policy Paper 10 Jun 2020
Two years of GDPR: A report from the digital industry
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.