The draft ePrivacy Regulation has been talked about for almost as long as the GDPR itself. Initially, there was even consideration of it entering into force at the same time as the GDPR (back in May 2018). Those timings have obviously slipped. There are various sticking points, but the overall issue is that any new law that looks to impact the European digital economy (a key potential source of economic growth across the block) is always going to be sensitive for Member States (and other stakeholders). As such, it is no surprise that draft remains in stalemate within the European Council (the body that comprises Member State government representatives).
By way of update on where things currently sit, on 5 January 2021, the Council of the European Union, under the 6 month Council presidency of Portugal (which lasts from 1 January 2021 until 1 July 2021, when it will pass to Slovenia) released a new, draft version of the ePrivacy Regulation – the 14th draft to date!
One key theme to address is what the text says about businesses’ ability to rely on a lawful basis other than consent in order to process electronic communications’ metadata and place cookies, or similar technologies, on end-user’s terminals (i.e. devices).
The law as it stands (under the ePrivacy Directive and implementing national legislation) is fairly restrictive, requiring the end user’s GDPR compliant consent subject to a few exemptions (generally where the activity is strictly necessary) in order to place a cookie. By way of reminder, this is why we see so many cookie banners on websites these days!
Various drafts of the ePrivacy Regulation since 2017 have gone backwards and forwards loosening or tightening these restrictions. Critics of the consent approach have long argued that the mechanism does not achieve its aim of protecting the privacy of individuals and instead creates frustration and ‘consent fatigue’ amongst individuals. They maintain that other lawful bases should also be made valid.
An earlier draft of the regulation had inserted legitimate interest as a lawful basis to process data, however, this was largely withdrawn during the recent German presidency (which lasted from 1 July 2020 until 1 December 2020) and remains absent from this draft. The current draft does, however, introduce the prospect of relying on the lawful basis of “performance of a contract”.
There are various other amendments which will be considered in detail by the Council over the next 6 months, although it is too early to tell whether this draft will be any more likely to secure the support of the other Members States. Of course, it remains a further open question as to whether the UK would seek to mirror the ePrivacy Regulation under UK law post-Brexit, or whether this will be one of the first areas where we see real divergence.
We will keep you posted.
For more information please contact Jonathan McDonald and Olivia Crane.
Olivia Crane quoted by SoGlos on the increasing issue of cyber fraud being faced by businesses in Gloucestershire
Cyber fraud has cost Gloucestershire businesses around £369,800 in the last 13 months.
Tattoos, athletes and image rights
Campaigns featuring athletes often include visible tattoos and a number of recent legal cases demonstrate the issues that may arise.
Food Sector steps up on climate goals
Blue Sky Linking
Daniel looks at Sky's recent success in obtaining interim protection from infringement of their broadcast rights
Don’t Gamble on Bingo Ads, Warns ASA
The ASA has issued a reminder to advertisers that bingo adverts will be treated as gambling ads for the purpose of standards regulation.
Recording Phone Calls: Don’t take Consent for Granted
What if an interviewee who is being called and interviewed “live” does not actually know he/she is on live television?
Continuing Progress in the Sphere of Inclusive and Non-Discriminatory Advertising
The latest developments from the ASA, CAP and BCAP relating to the advertising regulators’ attempts to tackle discrimination in advertising.
Top 7 Data Protection Tips for Employers
Here are our top 7 data protection tips for employers.
There has been an increase in online phising attacks over the past year - but why?
UK and EU launch two-pronged attack into whether Facebook is abusing a dominant market position
The CMA and the European Commission have said that they intend to work together closely as their respective investigations develop.
Jason Saiban and Caroline Swain among contributors to the ICLG Guide on Digital Business Laws and Regulations in the UK
An overview of the laws and regulations for digital businesses operating in the UK.
Draft Online Safety Bill: Regulating the online world
On 12 May 2021, the UK government published the draft Online Safety Bill...
Counterfeit goods – online platforms and luxury brands take a new collaborative approach
Online retail has been increasing for the best part of a decade due to a shift in consumer behaviour.
Charles Russell Speechlys proud to sponsor the ‘Outstanding Achievement’ award at the final Sunday Times Virgin Fast Track 100 awards
The awards celebrated the successes of Britain’s 100 private companies with the fastest-growing sales.
New foreign ownership rules take effect on 1 June 2021
Trade Marks - what is bad faith?
In any legal dispute, the term ‘bad faith’ is often banded about.
Public Company Update - May 2021
Read the May 2021 edition of our biannual Public Company Update.
Data Protection: All roads lead back to the GDPR
Across the globe, jurisdictions continue to develop their data protection and privacy laws.
Music to our ears? Well, perhaps not for Apple.
A feud first began when the music streaming giant, Spotify, filed a complaint against music streaming provide rand competitor, Apple Inc.
Risk allocation in commercial leases: the High Court considers rent suspension, insurance and frustration arguments
Read our summary of the full judgement on the latest Covid arrears case.