ePR Update: Finnish Presidency Surveys Member States to Find Consensus

The latest note from the incoming Finnish presidency on the ePrivacy Regulation (ePR) asked member states a series of questions as, according to the Finnish presidency, “it is clear that further discussion on the proposal is still needed.”

The four questions posed to member states concerning ePR were:

1) The main objective of the proposed regulation is to protect the fundamental right of private life and confidentiality of the communications. To this end, which parts of the proposed regulation could be considered as the most essential?

2) On which parts of the text more discussion is still needed? As the text stands now we would like to especially have your views on:

– which parts are the most problematic and how can those problems be concretely solved?
– can some parts be identified where no changes are necessary?
– Are there some parts of the text you consider unnecessary and which should be deleted?

3) Some delegations have indicated that further alignment with the General Data Protection Regulation and ePrivacy rules would be needed. In this regard, what kind of specific changes to the text would be needed?

4) What should be the next steps to be taken to continue the negotiations in the Council?

The Finnish presidency appears to be searching for consensus on a path forward for the ePrivacy Regulation. The initial plan was for ePR to go into effect at the same time as the General Data Protection Regulation (GDPR). More than a year later, the European Union member states are still exchanging drafts. A WP TELE meeting was held last week on July 4th to discuss the questions.

During the first half of this year, the Romanian presidency appeared to advance the ball on ePR negotiations unexpectedly, as it held numerous meetings and calls on the issue as well as published several revisions to the proposed text. However, the latest admission calls into question just how much progress was made and if there is a path to replacing the ePrivacy Directive at this point.

In another move that potentially signals slow movement on ePrivacy, the data protection authorities of the United Kingdom and France have both announced developments on their cookie consent policy independent of the ePR effort. The ICO revised its cookie banner guidance to include the GDPR requirement for express, affirmative consent. CNIL announced at the end of June that they would soon be communicating a clarification of the legal obligations for obtaining consent for cookies.

We will continue to bring you news on ePrivacy as developments warrant.