Update on e-Privacy Directive and Reform
On 10 January 2017 the European Commission (the "Commission") published the draft e-Privacy Regulation (COM(2017) 10 final) (the "Regulation") which is intended to replace the current e-Privacy Directive (2002/58/EC) and will be applied throughout the EU (allowing for more streamlined compliance procedures across all 28 member states).
Some of the main features of the draft Regulation are summarised below.
- Scope. The Regulation will apply to all electronic communications service providers (such as WhatsApp, Facebook Messenger and Skype) rather than just traditional telecoms service providers as provided under the current e-Privacy Directive.
- Confidentiality. The importance of confidentiality has been emphasised and all electronic communications must be kept confidential. Interference (such as listening, tapping, intercepting, scanning and storing of communications such as SMS messages, emails or voice calls) is prohibited without user consent. Consent is given the same meaning as under Article 4 of the General Data Protection Regulation (GDPR).
- Communications content and metadata. Metadata (for example, timing, location and duration of a call) and user browsing history will need to be anonymised or deleted unless consent has been given by the users to its retention (save where the data is required for billing). Existing rules limiting how traditional telecoms operators can use this data have been expanded (subject to consent and compliance with certain safeguards) giving businesses the opportunity to expand their service offering.
- Devices. Information stored in end-user terminal equipment (for example, tablets and laptops) cannot be accessed except where consent has been given or where use of device capabilities or collection of information is necessary to facilitate technical provision of services to the user.
- Spam. Consent must be given before any unsolicited commercial communications can be sent (although the current soft opt-in for electronic mail remains). Member states may also create rules allowing individuals the right to object to marketing calls (by registering for a do-not-call list). Marketing callers will be required to display their caller ID or use a special pre-fix which identifies a marketing call.
- Cookies. The consent process for internet users is being simplified with the introduction of varying levels of privacy through users' browser settings. The requirement for banner-type cookie consents is being removed. Cookies which are not privacy-intrusive will not require consent (for example, those used to improve user experience, remember shopping cart history and maintain login information for the same browsing session).
- Enforcement. National data protection authorities will be responsible for enforcing the new Regulation (as for the GDPR). Fines for non-compliance in relation to notice and consent, unsolicited communications and default privacy settings could be up to €10 million or 2% of worldwide annual turnover of an undertaking (whichever is higher). Higher fines of up to €20 million or 4% of worldwide annual turnover (whichever is higher) may be enforced for breaches of the provisions on confidentiality, processing of electronic communications data and limits on data erasure time periods. Individuals will have remedies against both data controllers and data processors and a right to compensation for material or non-material damage.
The Commission anticipates the Regulation will come into force from 25 May 2018, alongside the GDPR. Although ambitious (the Regulation is only at the start of a lengthy legislative process), the draft Regulation is shorter and narrower in scope than the GDPR and may not take as long to finalise; businesses should therefore keep watch over the next eighteen months to ensure they are prepared for any additional hurdles the Regulation presents to ensure their continued compliance with e-Privacy laws.
This article was written by Caroline Young. For more information, please contact Caroline on +44 (0)20 7203 5381 or at caroline.young@crsblaw.com
Our thinking
Mark Howard
IT Pro quotes Mark Howard on investment in UK tech start-ups
"The UK has the strongest venture and growth capital funding ecosystem in Europe.”
Chris Haywood
Chris Haywood writes for The Oath on the impact of Dubai's new Virtual Asset Law on NFTs and the metaverse
A future-ready framework?
Darren Bailey
The Financial Times quotes Darren Bailey on the European Super League and the landmark case at the ECJ
“A win for the clubs may well lead to a far more fragmented football landscape"
Nic Couchman
Charles Russell Speechlys advises Fresh Air Festival on the Bangkok Century Cup 2022
Charles Russell Speechlys advises Fresh Air Festival on the Bangkok Century Cup 2022
Rudy Capildeo
Art Net quotes Rudy Capildeo on a new legislative change re: criminal damage to memorials
“A political judgement appears to be being placed on the content of the graffiti rather than the act of vandalism itself.”
Emma Humphreys
Property Week quotes Emma Humphreys on the Electronic Communications Code
Judgment on telephone masts clarifies the rights of landowners
Darren Bailey
City AM quotes Darren Bailey on the European Super League and the upcoming hearing at the ECJ
“The ramifications of the ECJ judgment for the future shape of football… cannot be underestimated".
Paul Stone
Paul Stone provides comment for City AM on the EU’s stamp of approval for digital laws
EU’s stamp of approval for digital laws risks putting the UK behind
Mark Hill
Media & Entertainment: The Changing Landscape in the Middle East
The media and entertainment industries in the Middle East have changed significantly since the onset of the Covid-19 pandemic.
Paul Stone
City AM quotes Paul Stone on the CMA's investigation into Amazon
"The latest UK investigation looks like a “carbon copy” of its European counterparts"
Grégoire Uldry
New Swiss succession law on the transfer of businesses
On 10 June 2022, the Federal Council adopted its Message amending the Civil Code on the transfer of businesses by succession.
Joshua Green
Joshua Green writes for Spear's Magazine on Wagatha Christie’s lessons for HNWs
Wagatha Christie’s lessons for HNWs
Stephanie Bonnello
Stephanie Bonnello writes for the Practical Law Dispute Resolution blog on witness evidence
When are witness summaries permitted instead of witness statements and when should material be struck out from a witness statement?
Emma Humphreys
Emma Humphreys and Paul McCarthy write for Property Week on the new landlord digital ID checks
Emma Humphreys and Paul McCarthy write for Property Week on new landlord digital ID checks
Louise Paterson
Artnet quotes Louise Paterson on the Ivory Act
UK’s Ivory Act comes into force
Nick Hawkins
Nick Hawkins writes for Employment Law Journal on demystifying employment contracts
Key considerations for drafting effective post- termination restrictions
Pei Li Kew
Pei Li Kew writes for Pharmacy Business on the link between pharmacy and IP
Pei Li Kew writes for Pharmacy Business on the link between pharmacy and IP
Mark Howard
Charles Russell Speechlys advises Acora on its acquisition of Secrutiny
Charles Russell Speechlys advises Acora on its acquisition of Secrutiny
Jonathan McDonald
Jonathan McDonald provides comment for City AM on the Data Reform Bill announced in the Queen's Speech
Jonathan McDonald provides comment for City AM on the Data Reform Bill announced in the Queen's Speech
Natalie Batra
Patents and Peppa Pig: What is happening to intellectual property rights in Russia?
Certain Russian individuals and businesses can now use patents, utility models and industrial designs without obtaining prior permission.