The draft E-privacy regulation did not receive enough support during the meeting of the Permanent Representatives Committee that took place on November 22, 2019 under the Finish Presidency.
The Member States have been negotiating this proposal since 2017, in order to align rules for electronic communications with the GDPR. However, this surprising setback may lead to either the full redrafting of the proposal or its withdrawal.
Context
The Commission adopted the proposal for a Regulation on Privacy and Electronic Communications (ePrivacy proposal) on 10 January 2017 with the aim to replace the current ePrivacy Directive 2002/58/EC.
It was for the Council of the European Union to review the proposal with a view to adopting a general approach on December 3, 2019.
The preparatory work was carried out by the Working Party on Telecommunications and Information Society (WP TELE). Under the Finnish Presidency, the WP TELE examined this proposal on ten occasions and the Presidency issued a number of new compromise texts. When presenting the proposal amended with the compromised texts to the Permanent Representatives Committee, it did not receive enough support to go any further.
The report mentioned that “the discussion in the WP TELE was difficult and revealed different views and priorities among Member States on several aspects of the proposal”. The main elements discussed in the WP TELE during the second half of 2019 are outlined below.
Main elements discussed in the WP TELE
The processing of electronic communications data for the purposes of prevention of child abuse imagery: The presidency introduced a permanent ground for such processing and at the same time, appropriate safeguards to frame such processing.
However, a number of delegations also believed that the processing of electronic communications for the prevention of other serious crimes such as terrorism, should also be covered in the ePrivacy Regulation.
The protection of terminal equipment information (cookies): the main issue was about the conditional access to website content and the need not to undermine existing business models while respecting the relevant conditions under the General Data Protection Regulation. The relevant recitals were clarified in order to address the issue.
The scope of the Regulation: The presidency clarified the scope of the Regulation, in particular with regard to the processing of electronic communications data by the end-users or entrusted third parties after receipt, or upon receipt for ensuring the security of the end-user’s network and information systems.
Cooperation among the authorities: Delegations raised concerns about the cooperation among various authorities involved (in particular, data protection authorities and national regulatory authorities) and with regard to the role and involvement of the European Data Protection Board (EDPB). The Presidency proposed to include an obligation for the EDPB to consult supervisory authorities (which are not Data Protection Authorities) before exercising its tasks under the ePrivacy Regulation.
New technologies and machine-to-machine, internet of things: Delegations raised concerns about the way the ePrivacy proposal would interact with new technologies. The Presidency introduced further clarifications in the relevant recitals (e.g. 12 and 21), on consent in such cases and clarified in which situations such services would be covered by the ePrivacy rules.
Despite the efforts to clarify the text and take in consideration the delegations’ concerns, the text did not receive sufficient support to go any further when presented to the Permanent Representatives Committee. Redrafting of the proposal may be proposed under the new Presidency or it may be withdrawn.
