Joint industry letter on the future of the ePrivacy Regulation
Ahead of the 8 June TTE Council, we urge Member States to remain cautious in their examination of the draft ePrivacy Regulation (ePR).
Limited progress has been achieved since the beginning of Council discussions early last year and many questions remain open. More time is needed to assess the ePR’s scope of application, its overlaps with the General Data Protection Regulation (GDPR) and its impact on all sectors of the economy.
The ePR proposal has departed from the laudable objective of protecting the confidentiality of communications and goes on instead to greatly limit the processing of a broad array of both personal and non-personal data. Rather than complementing the GDPR, the proposal replaces and contradicts many of the fundamental checks and balances of the EU’s data protection framework.
For example, legal grounds for processing and consent requirements differ between the two instruments. The processing of electronic communications and terminal equipment data is not allowed under the same conditions as personal data under the GDPR. As a result, the same types of data are treated differently and non-sensitive data – such as non-personal data, which is not covered by the GDPR as it doesn’t relate to individuals – is subject to unreasonable rules.
The considerable negative impact of an inflexible ePR will extend to all sectors of the EU digital economy – from digital media to connected cars, medical technology and smart manufacturing – which will be exposed to additional burden at best or, at worst, unable to continue offering and innovating their products and services using data.
The GDPR, which has only now come into full application, provides for comprehensive rules that industry, authorities and Member States are all working hard to implement. The GDPR was heavily inspired by discussions on the current ePrivacy Directive prior to 2009 and, subsequently, by its text; as such, it provides for the highest level of data protection, and departure from its provisions should not be tackled carelessly.
While we support the need to protect the confidentiality of communications, we believe that more reflection is needed on the ePR proposal to ensure a coherent data protection legal framework for the EU. Consistency between the ePR and the GDPR will secure a high level of privacy protection and legal clarity for businesses with regards to data processing and enforcement.
We call on Ministers to clearly signal during the 8 June meeting that Member State discussions on the ePR should not be rushed and trialogue negotiations should not commence until a robust, balanced and comprehensive General Approach is obtained. We stand ready to support the Council in its efforts to produce a more coherent outcome for the final Regulation.
For more information please contact
Alberto Di Felice
Director for Infrastructure, Privacy & Security Policy