Romanian Presidency Offers ePrivacy Regulation Compromises
A proposal for compromise on the ePrivacy Regulation will be discussed later this week as the Telecommunications Council meets on February 7th.
The picture on ePR appeared bleak earlier this year when the provisional agendas for the first half of 2019 were released by the Romanian Presidency and the Telecommunications Council was not scheduled to undertake deliberations on ePrivacy until early June. However, last week the Romanian Presidency issued a notification that ePR would be discussed shortly and an update would follow.
According to the update, which has now been released, there have been discussions throughout January on “the impact of ePR on new technologies and the consent requirements, processing of electronic communications data for the purposes of child protection and the exclusion of national security and defence from the scope of ePR.”
The result of these discussions is a set of possible compromise solutions issued by the Presidency:
1. ePR and New Technology
The Presidency has suggested that concerns about the interaction of the Internet of Things and Artificial Intelligence with ePrivacy can be resolved through additions to recitals 13 and 20 plus the creation of recital 20a.
The new language would:
– exclude the circulation of electronic communications within a home WiFi network, – suggest providers offer a means to white list certain types of cookies in order to avoid consent fatigue as well as revoke consent, and
– it would require consent for purposes beyond what is necessary to provide the transmission of an electronic communication or the requested information society service.
2. Child Protection
The compromise proposal would include explicit permission to process data for detecting and deleting child pornography. To this end, Article 6(1a) would be created to set the terms for the authorization of such processing. There shall be appropriate safeguards, and the processing shall not analyze the actual communications content or store copies of that content.
3. National Security and Defense
The Presidency has suggested the combination of points (a) and (aa) in Article 2(2) regarding the exclusion of activities outside the scope of Union law and activities concerning national security and defense to resolve concerns expressed by a number of delegations.
The proposed compromises by no means resolve all of the outstanding issues related to ePR but do signal that the issue has not been postponed until June. It was originally hoped by many in Europe that agreement to replace the ePrivacy Directive with the ePrivacy Regulation could have been reached in time to have it in place in May 2018 at the same time that the European Union’s General Data Protection Regulation (GDPR) went into effect. Disagreements about the language and a number of other core components delayed that effort, and the opportunity to get ePR in place by some point in 2020 could be slipping.
Hopefully, there will be additional guidance on the potential timing for passage and implementation of ePR after this month’s discussions.
Here is the link to the PDF document released by the Romanian Presidency.
Ready for the new California privacy law coming on January 1, 2020? Learn more about CCPA compliance and contact us to see a demo of the Clarip privacy management platform used by Fortune 500 clients.