Data Risk Intelligence
Automated Data Mapping
Do Not Sell/Do Not Share
Cookie Banner Solutions
Consent & Preferences
Data Rights RequestsLatest on ePrivacy Regulations from Austria
Our last update on the ePrivacy Regulation (ePR) was over the summer, when the Austrian presidency introduced compromise text in July and the debate centered on changes to Articles 6, 8 and 10. We have just reviewed the proposed changes released on September 20, 2018 by the Presidency, issued ahead of the September 27th WP TELE meeting of the delegations.
The introduction to the latest draft of ePR includes a number of questions raised by the delegations in response to the last draft (from July). These questions include:
– The precise scope of the regulation and delineation from GDPR.
– The interplay and tension between the fundamental rights of confidentiality and data protection.
– The treatment of GPS location data.
– The intersection of the ePrivacy Regulation and the European goals of advancements in AI, IoT and automated driving.
The Presidency is continuing to attempt to narrow the concerns of the delegations. Here are a few of the areas where the delegations are still having discussions (according to the draft before the Sept. 27th meeting):
In Article 6 (permitted processing), there will be additional disccussions on whether to tighten the concept of further processing of electronic metadata by including additional safeguards, or introducing further flexibility by aligning the text closer to GDPR.
Concerning Article 8 (protection of end-users’ terminal equipment information), there are going to be continuing discussions on conditional access to website content that is discussed in recital 20.
The Presidency has also introduced modifications to Article 2 in order to address requests for modifications of ePrivacy’s coverage of information security measures located in Article 6(1)(b).
Many other smaller changes are identified by the latest draft.
Here is the link to the letter with the revised text (PDF).
When will ePrivacy be finalized?
This is the one of the biggest questions around ePrivacy right now and it remained unaddressed in the September discussion paper and revisions. Given the continuing debate around some of the substantive provisions and the text, it is unlikely to be wrapped up during the term of the Austrian presidency. The most recent estimate that I have seen was possibly summer 2019. With an additional one or two years for implementation of the law by organizations, it could go into effect at the earliest in 2020 (or possibly 2021). The original goal was to have both GDPR and ePR go into effect at the same time (May 2018), so it remains to be seen whether the differences over the law can be narrowed and this time frame met by the European Union.
EU GDPR
– GDPR Compliance
– Consent Management Software
– GDPR Data Mapping Software
– DSAR Portal
– GDPR Text
ePrivacy
– Cookie Scanner
– Cookie Banner Generator
– Cookie Consent Manager
– ePrivacy Regulation
California Consumer Privacy Act
– CCPA Summary
– CCPA vs GDPR
– CCPA Privacy Software
– CCPA Webinar
Other Blog Posts on ePrivacy Regulation:
ePrivacy Regulation Destined for a 2021 Start Date?
EDPB Releases Agenda of Fifth Plenary
Will 2019 Be the Year of GDPR Enforcement & Finalization of the ePrivacy Regulation?
EDPS Urges Adoption of ePrivacy Regulation
EDPS on ePrivacy Regulation
Presidency Proposes Changes to ePrivacy Articles 6, 8 and 10
Significant Progress on ePrivacy Regulation Highlighted by Progress Report
EDBP Pushes ePrivacy Regulation After GDPR Goes Into Effect
Revised ePrivacy Regulation Draft Circulated
