Data Risk Intelligence
Automated Data Mapping
Do Not Sell/Do Not Share
Cookie Banner Solutions
Consent & Preferences
Data Rights RequestsSignificant Progress on ePrivacy Regulation Highlighted by Progress Report
Europe is meeting this week for further discussions of the ePrivacy Regulation after significant progress, according to a progress report from the Bulgarian Presidency to the Council of the European Union.
The questions to be addressed this week surround Articles 5 and 6, Articles 8 and 10, and the overall mission of enabling advancement of the competitiveness of European industry while safeguarding the confidentiality of citizen’s communications and the protection of their data.
Ahead of the meeting on Friday, the progress report provides details on the changes that have been made with the text recently as well as the areas where debate is still happening. Here is an overview of some of those changes as described in the Progress Report:
Apparently, there has been discussion among the Member States about the differences between the ePrivacy Regulation (referred to in the document by the abbreviation “ePR”) and the General Data Protection Regulation (“GDPR”), which went into effect in Europe on May 25, 2018. The Bulgarian President’s view is that ePR governs the protection of content during the exchange between end-users. Once it is received by the recipient, then how it is handled is controlled by GDPR. The document clarifies that there have been additions to the Recitals in order to clarify this relationship.
The Member States are also finetuning the language around the permissions to process data to maintain and restore the security of the electronic communication networks. According to the Bulgarian President, this language has been broaded to deal with possible cases of security risks.
The Member States have also had concerns around balancing the incentives for innovation with the protection of confidentiality of metadata. The Bulgarian President called this one of the most sensitive issues. There have been additions to the text to introduce the ability to process metadata for purposes of network management, optimization and statistical counting. Additional safeguards and recitals have been added to provide explanations of these sections. Some of the grounds for processing, such as vital interests or performance pursuant to contract, have also been amended or reformulated to move closer to achieve the appropriate balance. It seems clear from the summary that there will be more refinements in this area.
A new exception to the prohibition of Article 8 for the purpose of maintaining or restoring the security of information society services, preventing fraud, or detecting technical faults was added.
The text of Article 10 on privacy settings has been significantly revised. The text currently requires providers of software to inform end users about privacy settings at the time of installation or first use, as well as when updates change the privacy settings. The software also must offer users the choice to be reminded about the privacy settings options.
There have been a few changes to the data retention sections to allow for an exception regarding national security / defense as well as the ability of Member States to restrict the rights and obligations in order to protect people and enforce civil law claims. Based on the Bulgarian President’s comments, more work will be done on these sections (Articles 2 and 11).
The consent requirements for number-based interpersonal communications services in Article 15 have seen some debate. The consent requirement for including personal data in these directories has been maintained but Member States may individually eliminate this requirement by law and instead require directories to contain all numbers without consent as long as there is a right to object to inclusion.
New text in the proposal on direct marketing allows Member States to set a maximum period of time in which customer contact details can be used for direct marketing.
We will continue to follow the debate over the ePrivacy Regulation as more details are released. Here is the complete progress report (PDF).
Discover the Benefits of Privacy Management Software with Clarip
The Clarip data privacy software and team are available to help improve privacy and trust at your organization. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.
If you are working towards GDPR compliance, try our modular GDPR software. Start with our automated GDPR data mapping software, enhance your privacy program with DPIA software, and meet ePrivacy requirements with the cookie consent manager.
If CCPA compliance in 2020 is on your radar, ask us about our California Consumer Privacy Act software. Improve efficiency of responses to data subject access requests with our DSAR Portal, or provide the right to opt out of the sale of personal information with our consent software.
Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo and speak to a member of the Clarip team.
Other Blog Posts on ePrivacy Regulation:
ePrivacy Regulation Destined for a 2021 Start Date?
EDPB Releases Agenda of Fifth Plenary
Will 2019 Be the Year of GDPR Enforcement & Finalization of the ePrivacy Regulation?
EDPS Urges Adoption of ePrivacy Regulation
Latest on ePrivacy from Austria
EDPS on ePrivacy Regulation
Presidency Proposes Changes to ePrivacy Articles 6, 8 and 10
EDBP Pushes ePrivacy Regulation After GDPR Goes Into Effect
Revised ePrivacy Regulation Draft Circulated
