Update on e-Privacy Directive and Reform
On 10 January 2017 the European Commission (the "Commission") published the draft e-Privacy Regulation (COM(2017) 10 final) (the "Regulation") which is intended to replace the current e-Privacy Directive (2002/58/EC) and will be applied throughout the EU (allowing for more streamlined compliance procedures across all 28 member states).
Some of the main features of the draft Regulation are summarised below.
- Scope. The Regulation will apply to all electronic communications service providers (such as WhatsApp, Facebook Messenger and Skype) rather than just traditional telecoms service providers as provided under the current e-Privacy Directive.
- Confidentiality. The importance of confidentiality has been emphasised and all electronic communications must be kept confidential. Interference (such as listening, tapping, intercepting, scanning and storing of communications such as SMS messages, emails or voice calls) is prohibited without user consent. Consent is given the same meaning as under Article 4 of the General Data Protection Regulation (GDPR).
- Communications content and metadata. Metadata (for example, timing, location and duration of a call) and user browsing history will need to be anonymised or deleted unless consent has been given by the users to its retention (save where the data is required for billing). Existing rules limiting how traditional telecoms operators can use this data have been expanded (subject to consent and compliance with certain safeguards) giving businesses the opportunity to expand their service offering.
- Devices. Information stored in end-user terminal equipment (for example, tablets and laptops) cannot be accessed except where consent has been given or where use of device capabilities or collection of information is necessary to facilitate technical provision of services to the user.
- Spam. Consent must be given before any unsolicited commercial communications can be sent (although the current soft opt-in for electronic mail remains). Member states may also create rules allowing individuals the right to object to marketing calls (by registering for a do-not-call list). Marketing callers will be required to display their caller ID or use a special pre-fix which identifies a marketing call.
- Cookies. The consent process for internet users is being simplified with the introduction of varying levels of privacy through users' browser settings. The requirement for banner-type cookie consents is being removed. Cookies which are not privacy-intrusive will not require consent (for example, those used to improve user experience, remember shopping cart history and maintain login information for the same browsing session).
- Enforcement. National data protection authorities will be responsible for enforcing the new Regulation (as for the GDPR). Fines for non-compliance in relation to notice and consent, unsolicited communications and default privacy settings could be up to €10 million or 2% of worldwide annual turnover of an undertaking (whichever is higher). Higher fines of up to €20 million or 4% of worldwide annual turnover (whichever is higher) may be enforced for breaches of the provisions on confidentiality, processing of electronic communications data and limits on data erasure time periods. Individuals will have remedies against both data controllers and data processors and a right to compensation for material or non-material damage.
The Commission anticipates the Regulation will come into force from 25 May 2018, alongside the GDPR. Although ambitious (the Regulation is only at the start of a lengthy legislative process), the draft Regulation is shorter and narrower in scope than the GDPR and may not take as long to finalise; businesses should therefore keep watch over the next eighteen months to ensure they are prepared for any additional hurdles the Regulation presents to ensure their continued compliance with e-Privacy laws.
This article was written by Caroline Young. For more information, please contact Caroline on +44 (0)20 7203 5381 or at firstname.lastname@example.org
Fiona Edmond and Mark Smith write for Property Week on data centres as an infrastructure asset class
The complexity of operational issues is something those new to the sector may not anticipate and interest is likely to increase.
Charles Russell Speechlys advises discoverIE on its acquisition of Antenova
discoverIE is a leading international designer, manufacturer and supplier of customised electronics to industry.
Coded messages for landlords and tenants
“What does the code of practice mean for landlords and tenants? Read more here”
Gareth Mills writes for Lexology Getting The Deal Through on technology disputes in Bahrain
The most common disputes occur following perceived or actual failures to deliver required technology services an lack of clarity.
Charles Russell Speechlys advises Acora on acquisition of Westgate IT
Westgate IT specialises in providing IT support to businesses in the South West.
Jason Saiban writes for Food Manufacture on the food industry's climate change challenge
The key challenge will be how the environmental targets are actually met.
Grab the tail by the horns - Why is tail spend so critical in today’s outsourced portfolio?
It’s usually invisible, but in all likelihood, you’ve got tail spend.
Charles Russell Speechlys advises Appital Ltd on £2.5m Investment led by Frontline Ventures
Appital is an Equity Capital Marketplace which aims to bring innovation to Equity Capital Markets.
Mark Hill writes for In-House Community Magazine on solutions templating, a new priority for in-house legal teams
Removing the burden from legal teams, contract managers and administrators.
Charles Russell Speechlys advises Metier on US$39m investment into Africa Mobile Networks
AMN builds, owns, operates and maintains mobile network infrastructure in Africa.
Olivia Crane quoted by SoGlos on the increasing issue of cyber fraud being faced by businesses in Gloucestershire
Cyber fraud has cost Gloucestershire businesses around £369,800 in the last 13 months.
Tattoos, athletes and image rights
Campaigns featuring athletes often include visible tattoos and a number of recent legal cases demonstrate the issues that may arise.
Blue Sky Linking
Daniel looks at Sky's recent success in obtaining interim protection from infringement of their broadcast rights
The regulation of big tech: a changing tide?
Sonia takes a look at the two main areas where the UK is increasing the regulation of Big Tech in 2021
Don’t Gamble on Bingo Ads, Warns ASA
The ASA has issued a reminder to advertisers that bingo adverts will be treated as gambling ads for the purpose of standards regulation.
Recording Phone Calls: Don’t take Consent for Granted
What if an interviewee who is being called and interviewed “live” does not actually know he/she is on live television?
Continuing Progress in the Sphere of Inclusive and Non-Discriminatory Advertising
The latest developments from the ASA, CAP and BCAP relating to the advertising regulators’ attempts to tackle discrimination in advertising.
eCommerce and the Post-Brexit State of Play
Key UK and EU legislation governing how online platforms deal with consumers and their business users.
Top 7 Data Protection Tips for Employers
Here are our top 7 data protection tips for employers.
There has been an increase in online phising attacks over the past year - but why?