Welcome
Privacy & Data Security Law News

EU May Overhaul ePrivacy Plan After Nations Criticize It

Dec. 3, 2019, 4:09 PM

The European Commission may overhaul a stalled 2017 ePrivacy proposal after countries in the bloc said the plan may harm the digital economy.

The commission may publish a new proposal next year or amend the current plan, Thierry Breton, the top official for the European Union internal market, said Dec. 3, when he met with EU telecommunications ministers. The commission will consult member countries before deciding, he said.

A new ePrivacy law, which would replace rules dating back to 2002, would aim to protect the confidentiality of electronic communications and set rules in areas including cookies and online advertising.

However, ministers from countries including Austria, Belgium, the Czech Republic, France, Germany, and Poland said the 2017 proposal is out-of-date and may hurt the tech industry with its limits on the processing of communications data.

The ePrivacy proposal had “an ineffective approach” to backing innovation while protecting privacy, Eduardo Ustaran, a partner with Hogan Lovells International LLP in London, said in an email.

The possible overhaul is welcome news to a tech industry that has viewed the ePrivacy plan as overly restrictive. A new proposal may bring a “fresh approach with a clear plan and a better involvement of stakeholders,” Jörg Hladjk, a partner with Jones Day in Brussels, said in an interview.

The proposal has been stalled in discussions among EU countries, though the European Parliament approved it in October 2017. Its draft rules include a broad prohibition on the processing data held on users’ devices without consent, and requiring user permission for electronic marketing and an opt-in for non-essential cookies.

Estelle Massé, global data protection lead with digital rights watchdog Access Now, said the proposal mixed up commercial and law enforcement access to data, which should be dealt with separately.

Officials should reconsider the plan on the basis of lessons learned from the EU’s general data protection regulation, said Gregor Schusterschitz, Austria’s deputy representative to the EU. The commission is required to publish a report on the GDPR, with any recommendations for revisions by May 25. The ePrivacy rules are seen as a complement to that law.

Hladjk said of ePrivacy, “Online advertising should have clear rules, but currently, the proposal is way too confusing.”

To contact the reporter on this story: Stephen Gardner in Brussels at correspondents@bloomberglaw.com

To contact the editor responsible for this story: John Hughes at jhughes@bloomberglaw.com; Keith Perine at kperine@bloomberglaw.com