On 10 February 2021, the EU Member States agreed on a negotiating mandate for revised rules on the privacy and confidentiality in the use of electronic communications services, which allows the Council presidency to start discussions with the European Parliament on the final text of the planned “ePrivacy” Regulation.
The Proposal for the Regulation Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) ('the ePrivacy Regulation') was originally presented in 2017 with the intention of harmonizing the fragmented approach towards privacy in electronic communications under the Directive on Privacy and Electronic Communications (2002/58/EC).
The ePrivacy Regulation will apply to (i) the processing of electronic communications content and of electronic communications metadata carried out in connection with the provision and the use of electronic communications services (the rules will also cover machine-to-machine data transmitted via a public network : “Internet of Things”), (ii) the information in end-users' terminal equipment, (iii) the offering of a publicly available directory of end-users of electronic communication services, as well as (iv) the sending of direct marketing communications.
The rules will apply when end-users are in the European Union. This also covers cases where the processing takes place outside the European Union or the service provider is established or located outside the European Union.
Unlike the (EU) 2016/679 General Data Protection Regulation (GDPR), which it complements, many e-Privacy provisions will apply to both natural and legal persons.
One hot topic relates to tracking technologies (e.g., cookies). The Council defends that end-users shall have a genuine choice on whether to accept these technologies. Moreover, making access to a website dependent on consent to the use of cookies for additional purposes, as an alternative to a paywall, may be lawful if the user is able to choose between this offer and an equivalent offer not involving cookie consent.
In addition, web browsers are encouraged to provide easy ways for end-users to change the privacy settings at any time during use and to allow the user to make exceptions for or to whitelist certain websites or to specify for which websites (third) party cookies are always or never allowed.
In a context of changing rules on tracking technologies/cookies, following the publication, by the French data protection agency (CNIL), of Guidelines and a Recommendation that must be enforced by March 31, 2021, it will be interesting to see how this Proposal will be finalized.
For more information, you can read the European Council’s press release https://www.consilium.europa.eu/en/press/press-releases/2021/02/10/confidentiality-of-electronic-communications-council-agrees-its-position-on-eprivacy-rules/ and the Proposal https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52017PC0010