03 Apr 2017

DIGITALEUROPEs initial views on the European Commissions proposal for an ePrivacy Regulation final

DIGITALEUROPEs initial views on the European Commissions proposal for an ePrivacy Regulation final


The ePR will have far reaching effects on how electronic communications and many online services operate in the EU. The Regulation will extend obligations that are significantly more stringent than what currently apply to telecom operators to all over-the-top (“OTT”) communications services, machine-to-machine (“M2M”) applications, and content services with communications capability such as video games, dating apps and ecommerce sites with built-in chat features. It will also require browsers, mobile apps and many other types of software enabling electronic communications to obtain end-users’ opt-in consent upon installation, effectively disregarding other legal bases for data processing. Such a wide extension of both scope and the nature of the obligations will have a significant impact on all industry sectors relying on data driven innovation.

While we recognise the importance of the confidentiality of communications as a component of the right to respect for one’s private and family life, it is not clear what is so specific about the sectors covered by this Regulation that requires a standalone instrument independent from the horizontally applicable GDPR. The GDPR includes both an explicit ‘integrity and confidentiality’ principle and implicit confidentiality protections in the grounds for processing personal data. Moreover, the GDPR is technology and sector neutral, determines safeguards and requirements according to the risk presented and makes a specific distinction for high-risk data. Other sectors are arguably processing more sensitive data – such as healthcare or finance – but are quite rightly determined to be sufficiently covered by the general framework.

We would also like to recall that the Charter of Fundamental right treats the right to privacy and the protection of personal data and the right to the confidentiality of communication as equally important rights. It is thus unclear why the protections afforded by the GDPR are considered insufficient and require a significant rewrite in the ePR proposal.

We believe the proposed ePR should be withdrawn and the current ePrivacy Directive (“ePD”) be repealed.

Back to Data privacy
View the complete Policy Paper
Our resources on Data privacy
09 Feb 2024 resource
The GDPR six years in: from harmonisation to alignment
15 Jan 2024 resource
DIGITALEUROPE’s response to the public consultation on a reporting scheme for data centres in the EU
16 Nov 2023 Position Paper
One Data Act to rule them all? Avoiding competing data sharing rules: DIGITALEUROPE’s views on the European statistics regulation revision
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.