31 Oct 2016

DIGITALEUROPE views on the Review of the ePrivacy Directive

DIGITALEUROPE views on the Review of the ePrivacy Directive


DIGITALEUROPE as the voice of Europe’s digital technology industry welcomes the opportunity to work closely with the EU Institutions as they review and assess the ePrivacy Directive (“ePD”). Our members are committed to the highest standard of data protection, privacy, security and integrity of the digital ecosystem. However, for Europe to attract and sustain the world’s best technology companies that can contribute to a strong digital economy, businesses need a regulatory environment which is not only predictable, but avoids unnecessary burdens and overlaps with existing legislation. As the EU Institutions continue to understand and consider the future role of the ePD, DIGITALEUROPE believes any future actions by policy makers should take into consideration the following:

1. The Future of ePrivacy – The priority of the review should be to achieve simplification of the legal framework and consistency with other legal instruments. To the extent that any of the provisions of the ePD are still necessary, these could be integrated into other legal instruments, such as the European Electronic Communications Code.

2. Scope – The potential extension of scope to cover OTTs, IoT devices, and M2M communications is not necessary to ensure the appropriate level of protection for consumers.

3. Security – The security provisions under the GDPR have the exact same objectives as the ePD. Keeping Article 4 or any version of this provision would only duplicate existing requirements.

4. Traffic & Location Data – Maintaining a separate set of rules on traffic and location data and extending it to some new services would considerably increase legal uncertainty, as two sets of regulatory requirements would be now applicable to the exact same data sets.

5. Ensuring Confidentiality of Communications – A more focused approach on confidentiality requirements is needed when considering the practical implications on network operators and providers of services who rely on third party connections. If a broad expansion of confidentiality occurs, derogations must be provided to allow for legitimate activities of service providers.

6. Confidentiality & Law Enforcement – The right to the confidentiality of communication should not only apply to the commercial context alone. The protection granted by the Charter is universal and should also be ensured in the law enforcement and national security context. Any mandate requiring service providers to reverse engineer, provide back doors and any other measures to weaken their security/encryption measures should be explicitly prohibited.

7. Device Data (including “Cookies”) – Any suggestions that would seek to prohibit businesses from preventing access to their services if the user refuses to accept a cookie must be avoided. This would not only disproportionately interfere with the freedom to conduct a business and the freedom of contract, but also undercut the EU’s competitiveness in the data-driven and knowledge-based digital economy.

8. Enforcement – Enforcement powers should be conferred on the public agency that is the most competent in the matter at hand. Issues related to personal data should solely be dealt with by national data protection authorities.

Back to Data privacy
View the complete Policy Paper
Our resources on Data privacy
19 Jun 2024 Publication & Brochure
The EU's Critical Tech Gap: Rethinking economic security to put Europe back on the map
09 Feb 2024 resource
The GDPR six years in: from harmonisation to alignment
15 Jan 2024 resource
DIGITALEUROPE’s response to the public consultation on a reporting scheme for data centres in the EU
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.