Data Risk Intelligence
Automated Data Mapping
Do Not Sell/Do Not Share
Cookie Banner Solutions
Consent & Preferences
Data Rights RequestsNew ePrivacy Regulation Draft in July with Article 5-7 Changes
The Finnish presidency has issued a new draft of the ePrivacy Regulation (ePR) in advance of a WP TELE meeting on September 9, 2019. The updated draft focuses on changes to Articles 5-7. The update follows proposed changes in the text by Germany earlier in the month.
The September WP TELE meeting will also address Articles 8 and 10 if time permits, although no modifications to them have been introduced so far. Articles 12-16 are not on the agenda for the September meeting, although there were a few changes to the text and corresponding recitals as part of the latest update.
The primary changes involve modifications to Article 6 aimed to simplify it by dividing it into 4 articles:
Article 6 – processing of all communications data
Article 6a – processing of communications content
Article 6b – processing of communications metadata
Article 6c: further processing of communications metadata
The child imagery issue which was previously handled in Article 6 has now been moved to Article 29.
The proposed changes by the Finnish presidency followed a response to the call for comments about the state of the draft ePrivacy Regulation by Germany, which responded in July with its general support for the effort but substantial concerns about the current text. Germany considered the current ePR text unacceptable because in its view it does not contain the level of protection for end-users and the confidentiality of communications warranted by the sensitive personal data contained within communications data. If the ePR is going to stand beside GDPR in its view, then a number of changes to the text are warranted.
Germany believes:
– Communications data must not be processed without the consent of the end-user or a limited set of justified exceptions and the current text does not meet this standard.
– The ePrivacy Regulation should always cover communications data held by communications service providers, rather than be limited as in the current draft to receipt of the message.
With discussions over the text continuing into the back half of the year and a major member-state unable to support the current version, it seems likely that we are looking at 2020 adoption at the earliest for the ePR. This would push the effective date for the ePrivacy Regulation out to 2022 if it is given the anticipated two year implementation period before enforcement (which is contained in the current draft).
