03 Apr 2017

DIGITALEUROPEs initial views on the European Commissions proposal for an ePrivacy Regulation final

DIGITALEUROPEs initial views on the European Commissions proposal for an ePrivacy Regulation final

OVERALL VIEWS

The ePR will have far reaching effects on how electronic communications and many online services operate in the EU. The Regulation will extend obligations that are significantly more stringent than what currently apply to telecom operators to all over-the-top (“OTT”) communications services, machine-to-machine (“M2M”) applications, and content services with communications capability such as video games, dating apps and ecommerce sites with built-in chat features. It will also require browsers, mobile apps and many other types of software enabling electronic communications to obtain end-users’ opt-in consent upon installation, effectively disregarding other legal bases for data processing. Such a wide extension of both scope and the nature of the obligations will have a significant impact on all industry sectors relying on data driven innovation.

While we recognise the importance of the confidentiality of communications as a component of the right to respect for one’s private and family life, it is not clear what is so specific about the sectors covered by this Regulation that requires a standalone instrument independent from the horizontally applicable GDPR. The GDPR includes both an explicit ‘integrity and confidentiality’ principle and implicit confidentiality protections in the grounds for processing personal data. Moreover, the GDPR is technology and sector neutral, determines safeguards and requirements according to the risk presented and makes a specific distinction for high-risk data. Other sectors are arguably processing more sensitive data – such as healthcare or finance – but are quite rightly determined to be sufficiently covered by the general framework.

We would also like to recall that the Charter of Fundamental right treats the right to privacy and the protection of personal data and the right to the confidentiality of communication as equally important rights. It is thus unclear why the protections afforded by the GDPR are considered insufficient and require a significant rewrite in the ePR proposal.

We believe the proposed ePR should be withdrawn and the current ePrivacy Directive (“ePD”) be repealed.

Back to Data privacy
View the complete Policy Paper
PDF
Our resources on Data privacy
resource 16 Mar 2020
Encryption: finding the balance between privacy, security and lawful data access
Policy Paper 05 Feb 2020
Response to draft EDPB Guidelines on the right to be forgotten in search engine cases
Policy Paper 21 Jan 2020
Almost two years of GDPR: celebrating and improving the application of Europe’s data protection framework
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.
Decline
Accept