The Council of the European Union has voted to reject its own text of the draft ePrivacy Regulation.
Originally it was envisaged that the ePrivacy Regulation would be enforced with GDPR (General Data Protection Regulation) when the GDPR came into force on 25th May 2018. It was intended to replace the older PECR (Privacy Electronic Communications Regulations) which implement the EU ePrivacy Directive which was put in place way back in 2002.
For the last couple of years the draft has been tinkered with, weakening privacy protections of EU citizens due to high levels of lobbying by interested parties against the draft proposals. Therefore there is a difference of opinion between members of the Council on how to proceed.
So where are we?
More uncertainty, unfortunately as the Council must either agree a new draft or the Commission has to withdraw the entire proposal. In the meantime it provides further uncertainty in the future direction of travel of the privacy of electronic communications.
Currently what we have is PECR aligned with the more rigorous requirements of consent of the GDPR. For more details on how these interplay with each other, the European Data Protection Board (EDPB) released an opinion on this earlier this year - see Opinion 5/2019:
It does not appear that a new ePrivacy Regulation will be with us any time soon and certainly not before the UK decides the future of its relationship with the EU.
Please note the article reflects the opinions of the author only as to the likely future direction of the ePrivacy Directive.
Comments