On December 3, 2019, the EU’s new Commissioner for the Internal Market, Thierry Breton, suggested a change of approach to the proposed e-Privacy Regulation may be necessary.  At a meeting of the Telecoms Council, Breton indicated that the Commission would likely develop a new proposal, following the Council’s rejection of a compromise text on November 27.

The proposed Regulation is intended as a replacement to the existing e-Privacy Directive, which sets out specific rules for traditional telecoms companies, in particular requiring that they keep communications data confidential and free from interference (e.g., preventing wiretapping).  It also sets out rules that apply regardless of whether a company provides telecoms services, including restrictions on unsolicited direct marketing and on accessing or storing information on users’ devices (e.g., through the use of cookies and other tracking technologies).

Substantively, the proposed Regulation aims to extend the rules that currently apply specifically to telecoms companies to “over-the-top” service providers.  Initial versions included stringent restrictions on when electronic communications data (including both content and metadata) could be used without consent, which was the subject of significant debate and disagreement.  Despite proposals from both the European Commission and Parliament, negotiations on a Council proposal have been in deadlock for more than two years, culminating in the rejection of the Finnish Presidency’s text after substantial, but ultimately unsuccessful, efforts to find agreement.

The Council has released a progress report, noting the areas on which agreement could not be reached, including:

  • The scope of the Regulation, particularly its application to processing of electronic communications data by end-users of a service or by entrusted third parties who might receive that data.
  • The appropriate solution to allow the processing of electronic communications data for the purposes of prevention of child abuse imagery.
  • Whether an exception should be included to permit the processing of electronic communications data for the prevention of other serious crimes, in particular terrorism.
  • The appropriate rules for storing or accessing information on users’ devices, which should protect existing business models and also respect the GDPR’s rules. For example, there was disagreement around whether giving consent to the use of cookies or other tracking technologies could be a condition of access to a website or service.
  • How to facilitate effective cooperation between national supervisory authorities, and what role the European Data Protection Board should have.
  • How the proposed Regulation will operate in relation to new technologies, particularly machine-to-machine and Internet of Things services.

Following the Council’s failure to agree a proposal and in light of the installation of the new Commission, questions were asked about the viability of the current proposals.  Although Breton later stated to the press that all options remain on the table, including continuing with negotiations on those existing proposals and taking into account agreed elements of the current proposal successes, his statement suggests that the Commission ultimately may reconsider the approach to e-Privacy.  It remains to be seen, and we will continue to monitor, exactly how any new approach will address the concerns raised in the Council and be reconciled with the views of the European Parliament.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lisa Peets Lisa Peets

Lisa Peets is co-chair of the firm’s Technology and Communications Regulation Practice Group and a member of the firm’s global Management Committee. Lisa divides her time between London and Brussels, and her practice embraces regulatory compliance and investigations alongside legislative advocacy. In this…

Lisa Peets is co-chair of the firm’s Technology and Communications Regulation Practice Group and a member of the firm’s global Management Committee. Lisa divides her time between London and Brussels, and her practice embraces regulatory compliance and investigations alongside legislative advocacy. In this context, she has worked closely with many of the world’s best-known technology companies.

Lisa counsels clients on a range of EU and UK legal frameworks affecting technology providers, including data protection, content moderation, platform regulation, copyright, e-commerce and consumer protection, and the rapidly expanding universe of additional rules applicable to technology, data and online services. Lisa also routinely advises clients in and outside of the technology sector on trade related matters, including EU trade controls rules.

According to Chambers UK (2024 edition), “Lisa provides an excellent service and familiarity with client needs.”

Photo of Paul Maynard Paul Maynard

Paul Maynard is special counsel in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online…

Paul Maynard is special counsel in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online platforms. He also advises clients on how to respond to law enforcement demands, particularly where such demands are made across borders.

Paul advises emerging and established companies in various sectors, including online retail, software and education technology. His practice covers advice on new legislative proposals, for example on e-privacy and cross-border law enforcement access to data; advice on existing but rapidly-changing rules, such the GDPR and cross-border data transfer rules; and on regulatory investigations in cases of alleged non-compliance, including in relation to online advertising and cybersecurity.

Photo of Sam Jungyun Choi Sam Jungyun Choi

Recognized by Law.com International as a Rising Star (2023), Sam Jungyun Choi is an associate in the technology regulatory group in Brussels. She advises leading multinationals on European and UK data protection law and new regulations and policy relating to innovative technologies, such…

Recognized by Law.com International as a Rising Star (2023), Sam Jungyun Choi is an associate in the technology regulatory group in Brussels. She advises leading multinationals on European and UK data protection law and new regulations and policy relating to innovative technologies, such as AI, digital health, and autonomous vehicles.

Sam is an expert on the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act, having advised on these laws since they started to apply. In recent years, her work has evolved to include advising companies on new data and digital laws in the EU, including the AI Act, Data Act and the Digital Services Act.

Sam’s practice includes advising on regulatory, compliance and policy issues that affect leading companies in the technology, life sciences and gaming companies on laws relating to privacy and data protection, digital services and AI. She advises clients on designing of new products and services, preparing privacy documentation, and developing data and AI governance programs. She also advises clients on matters relating to children’s privacy and policy initiatives relating to online safety.