Update on the proposed ePrivacy Regulation
The Commission's proposal (see our previous newsletter) underwent the scrutiny of the European Parliament during the previous year and as a result, several amendments to the Commission's text were proposed.
The ePrivacy Regulation was intended to enter into force on 25 May 2018 together with the GDPR, however, the legislators now seem to have abandoned this ambitious goal. According to some reports, the trilogue negotiations between the Commission, Council and the Parliament could be delayed until the fall of 2018 which would likely push the finalisation of the ePrivacy Regulation to the end of 2018 or even until 2019.
The ePrivacy Regulation would replace the current ePrivacy Directive 2002/58/EC transposed into the Finnish Information Society Code (917/2014). The proposed ePrivacy Regulation particularises and complements the General Data Protection Regulation 2016/679 (GDPR) giving more detailed provisions in the area of electronic communication. However, unlike the GDPR, it would not apply only to personal data.
What are the amendments proposed by the European Parliament?
Parliament's aim was to ensure that the level of protection of the ePrivacy Regulation would be corresponding to that of the GDPR. Therefore, various amendments to the Commission's proposal were suggested in order to ensure a high level of protection equivalent to the GDPR. Generally speaking, the approach taken by the Parliament could be characterised as a more stringent compared to the Commission's stance.
Parliament's proposal would, for example, strengthen the privacy by default approach by requiring providers of software to configure the software so that privacy protective settings are activated by default, and before and upon installation of the software inform and offer the user the possibility to change or confirm the privacy settings options. These settings should be easily accessible during the use of the software. Furthermore, the providers of software should offer the user the possibility to express specific consent through the settings after the installation of the software.
Additionally, the parliament's amendments concerning processing of electronic communications data would put even more reliance on consent.
What happens now?
The European Council is currently reviewing the proposal and, as of yet, has not released its proposal for the text of the regulation. However, the Council released a consolidated version of the ePrivacy Regulation on 5 December 2017 containing some preliminary suggestions providing some insight to the Council's thinking. A number of issues still remain to be discussed and further amendments are to be expected as a result of the trilogue negotiations. We will be monitoring the progress of the negotiations and will report back with updates.