The ePrivacy Regulation (ePR) is a proposal for the regulation of various privacy-related topics, mostly in relation to electronic communications within the European Union. Its full name is "Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications)." It would repeal the Privacy and Electronic Communications Directive 2002 (ePrivacy Directive) and would be lex specialis to the General Data Protection Regulation. It would particularise and complement the latter in respect of privacy-related topics. Key fields of the proposed regulation are the confidentiality of communications, privacy controls through electronic consent and browsers, and cookies.
The history of the regulation goes back to January 2017 when the European Commission proposed the ePrivacy Regulation.[1] The intention was that it would sit alongside the EU GDPR (General Data Protection Regulation) when it was introduced on 25 May 2018.[1] The scope is still under discussion.[2] According to some proposals, it would apply to any business that processes data in relation to any form of online communication service, uses online tracking technologies, or engages in electronic direct marketing.[3]
The proposed penalties for noncompliance would be up to €20 million or, in the case of an undertaking, up to 4% of the total worldwide annual turnover, whichever is higher.[4] The ePrivacy Regulation originally was intended to come in effect on 25 May 2018, together with the GDPR, but has still not been adopted.
The (new) ePrivacy Regulation will repeal the (current) ePrivacy Directive.
Contrary to an EU Directive, an EU Regulation is a legal act of the European Union that becomes immediately effective as law in all member states simultaneously.
The current ePrivacy Directive is a legal act of the European Union that requires member states to achieve a particular result without dictating the means of achieving that result. It has therefore been implemented into national laws and regulations. If the proposed ePrivacy Regulation became effective, these laws would be superseded and will (for reasons of clarity) likely be repealed. The ePrivacy Regulation would be self-executing and not require many implementing measures.
According to the EU Commission, the proposal includes the following key changes:[3]
In February 2021, the German Federal Commissioner for Data Protection and Freedom of Information saw multiple red lines being crossed. Data retention had again become part of the proposal, despite the fact that it had been ruled unlawful by many courts. The regulations concerning the Internet constituted a step back in that cookie walls would be again allowed. Important consumer rights such as the "right to object" and "data protection impact assessment" would be voided. Personal data could be processed for purposes different from the original ones without the person's consent. The "pay-or-allow-to-be-tracked" question to access a website would henceforth be permitted. The directive of 2001 required in its art 15(1) that data might be retained for an important public interest. The proposal now in 17a does not have such a reference to the public interest anymore.[5][6][7][8]
In March 2021, France was reported to be leading an effort to modify the ePrivacy initiative to exempt national security agencies from some provisions.[9]
On July 6, 2021, the European Parliament approved a derogation to the ePrivacy regulation that enables providers of electronic communication services to scan and report private online messages containing material depicting child sex abuse, and allow companies to apply approved technologies to detect grooming techniques.[10]
Original source: https://en.wikipedia.org/wiki/EPrivacy Regulation.
Read more |