Update on e-Privacy Directive and Reform
On 10 January 2017 the European Commission (the "Commission") published the draft e-Privacy Regulation (COM(2017) 10 final) (the "Regulation") which is intended to replace the current e-Privacy Directive (2002/58/EC) and will be applied throughout the EU (allowing for more streamlined compliance procedures across all 28 member states).
Some of the main features of the draft Regulation are summarised below.
- Scope. The Regulation will apply to all electronic communications service providers (such as WhatsApp, Facebook Messenger and Skype) rather than just traditional telecoms service providers as provided under the current e-Privacy Directive.
- Confidentiality. The importance of confidentiality has been emphasised and all electronic communications must be kept confidential. Interference (such as listening, tapping, intercepting, scanning and storing of communications such as SMS messages, emails or voice calls) is prohibited without user consent. Consent is given the same meaning as under Article 4 of the General Data Protection Regulation (GDPR).
- Communications content and metadata. Metadata (for example, timing, location and duration of a call) and user browsing history will need to be anonymised or deleted unless consent has been given by the users to its retention (save where the data is required for billing). Existing rules limiting how traditional telecoms operators can use this data have been expanded (subject to consent and compliance with certain safeguards) giving businesses the opportunity to expand their service offering.
- Devices. Information stored in end-user terminal equipment (for example, tablets and laptops) cannot be accessed except where consent has been given or where use of device capabilities or collection of information is necessary to facilitate technical provision of services to the user.
- Spam. Consent must be given before any unsolicited commercial communications can be sent (although the current soft opt-in for electronic mail remains). Member states may also create rules allowing individuals the right to object to marketing calls (by registering for a do-not-call list). Marketing callers will be required to display their caller ID or use a special pre-fix which identifies a marketing call.
- Cookies. The consent process for internet users is being simplified with the introduction of varying levels of privacy through users' browser settings. The requirement for banner-type cookie consents is being removed. Cookies which are not privacy-intrusive will not require consent (for example, those used to improve user experience, remember shopping cart history and maintain login information for the same browsing session).
- Enforcement. National data protection authorities will be responsible for enforcing the new Regulation (as for the GDPR). Fines for non-compliance in relation to notice and consent, unsolicited communications and default privacy settings could be up to €10 million or 2% of worldwide annual turnover of an undertaking (whichever is higher). Higher fines of up to €20 million or 4% of worldwide annual turnover (whichever is higher) may be enforced for breaches of the provisions on confidentiality, processing of electronic communications data and limits on data erasure time periods. Individuals will have remedies against both data controllers and data processors and a right to compensation for material or non-material damage.
The Commission anticipates the Regulation will come into force from 25 May 2018, alongside the GDPR. Although ambitious (the Regulation is only at the start of a lengthy legislative process), the draft Regulation is shorter and narrower in scope than the GDPR and may not take as long to finalise; businesses should therefore keep watch over the next eighteen months to ensure they are prepared for any additional hurdles the Regulation presents to ensure their continued compliance with e-Privacy laws.
This article was written by Caroline Young. For more information, please contact Caroline on +44 (0)20 7203 5381 or at firstname.lastname@example.org
Online safety – 2022 begins with regulatory developments in both the UK and the EU
Last week saw developments within the UK and EU in their attempts to ensure online businesses do more to address illegal online content.
Is Buy Now, Pay Later creating a new debt crisis?
BNPL providers are quick to claim that their services are offered with “no interest and no fees”, but is this really the case?
Social Tokens: What are the regulatory challenges in the UK?
Social tokens are one of the latest innovations in the crypto space and have grown significantly in recent years.
National Security and Investment Act comes into force
The Act has established a new regime for the review of mergers, acquisitions and transactions that could threaten national security.
Richard Davies and Rahim Hirji write for the American Bar Association on tattoos, athletes and image rights
LeBron James. Zlatan Ibrahimović. Mike Tyson. What is the common factor?
Gareth Mills, Georgina Munnik and Sam Saunders write for International Comparative Legal Guide - Telecoms, Media & Internet
The chapter covers common issues in Bahrain's telecoms, media & internet laws and regulations.
Sarah Rowley appears in the Apollo and Charles Russell Speechlys’ art law series on the future of museum governance
Are the responsibilities and duties of museum boards in the UK the same as they were, say, 20 years ago?
Charles Russell Speechlys advises Acora on the acquisition of M9 Holdings
The acquisition of M9 Holdings marks the latest stage in Acora’s growth journey.
Sports Business: Five Current Themes
Nick White goes early with his thoughts on this year's Sports Business themes.
Charles Russell Speechlys advises Dentex on the acquisition of Courtyard Dental Practice
Dentex is a fast-growing dental group focussed on developing its practices and optimising how dental practices operate.
Jonathan McDonald quoted by The Guardian and the Evening Standard on the Google Supreme Court decision
Jonathan comments on the implications of Lloyd v Google LLC.
Charles Russell Speechlys advises Puma Private Equity on their investment into Everpress
Puma Private Equity offers a wide range of award-winning investments that help to support investors.
Gareth Mills, Georgina Munnik and Thomas Catto write for The Technology Disputes Law Review on Bahrain's technology laws
Bahrain continues to be a regional HUB for ICT and technology innovation.
Fairhurst v Woodard: Property audio and video surveillance system breached GDPR
A recent judgment from Oxford County Court raises significant questions about the increasing use of smart doorbells and cameras.
Top 5 Data Protection Tips
Jonathan and Marc-Us explore the top 5 data protection tips
Will JP Morgan’s digital only Chase launch shake up the UK retail banking sector?
Chase is JP Morgan’s consumer brand and is one of the largest retail banks in the United States with over 4,700 branches.
Who? Where? What on earth is an “NFT”!?
An NFT is a “Non-Replaceable Token” meaning only one of its type can ever be created and recorded on the blockchain it is connected to.
How does the FCA Cryptoasset AML/CTF Regime affect UK cryptoasset businesses?
With the notable exception of security tokens, the majority of cryptoassets remain unregulated in the United Kingdom.
Overhaul of London's stock market listing regime set to significantly boost capital raising opportunities for high-growth and founder-led technology companies
The review was triggered by Brexit and the opportunity for London’s capital markets to move away from EU rules.
Business South, the Surrey Chambers of Commerce and Insider Media report on the firm’s involvement in CMO Group Plc’s acquisition of JTM Plumbing Ltd
The firm advised CMO Group Plc, UK’s largest pureplay online retailer of building materials on its acquisition of JTM Plumbing Limited.