Joint Industry Statement – ePrivacy Regulation Legislative Timeline

Dear Honorable Member of the Civil Liberties, Justice and Home Affairs Committee,

As you begin the legislative process for the proposed E-Privacy Regulation (EPR), we, the undersigned associations, urge you and your colleagues to take the necessary time and caution in evaluating the impact of the proposed legislation.

The EPR in its current form risks having far reaching consequences on how electronic communications and many online services operate in the European Union. The proposal extends obligations and scope to cover all over-the-top (OTT) communications services, machine-to-machine (M2M) communications, and content services with communications capabilities such as video games, dating apps and any website with built-in chat features. This falls contrary to the approach in the European Electronic Communications Code (EECC), to which the EPR purportedly refers.

The proposal raises complex questions which must be resolved in order to produce a coherent framework in the European Union. Not only will this proposal dictate how a wide range of companies process data above and beyond the General Data Protection Regulation (GDPR), but it will also govern how these companies engage with law enforcement agencies within and across Member States. Finding workable solutions on these matters will require careful consideration of the implications for companies, end-users, and competent authorities. We therefore encourage you and your colleagues to carry out an extensive consultation procedure throughout the course of the legislative process, involving all relevant stakeholders.

Many provisions of the EPR refer, and depend, on other pieces of legislation, which are still being discussed or are yet to be implemented (i.e. consent being interpreted in the context of the GDPR, electronic communication services being discussed in the EECC, the inclusion in the EPR of data retention obligations being discussed by Member States in Council). The work on the EPR should be based on clearly defined concepts and in complete alignment with other legislation. It should, therefore, not precede the adoption and interpretation of related pieces of legislation nor be rushed.

We understand that the intention behind this proposal is to create legal certainty. We must however avoid nullifying the substantial investments made by companies in anticipation of the GDPR by rushing a legislation without having first established solid foundations.

Once more, we strongly believe that the answer to this is not a speedy adoption of the EPR. Proper examination and scrutiny is indispensable to achieve results that are beneficial to citizens, industry and society at large. Therefore, we stress that the co-legislators ensure that proper assessment of the draft law occurs so that we create a framework that enables innovation and investment in Europe both today and in the future.

Members of ICDP look forward to providing you with input throughout the legislative process.