Data Protection Academy » Data Protection Wiki » The ePrivacy Regulation
The ePrivacy Regulation
What is the ePrivacy Regulation?
The EU's e-Privacy Regulation aims to individual-related data in electronic communications. It will replace the e-Privacy Directive of 2002, which the German legislator has largely implemented in the Telemedia Act and the Telecommunications Act. The Regulation, on the other hand, will be directly applicable. Due to technical and economic developments since 2002, the new regulation has become necessary.
Originally, the ePrivacy Regulation, together with the General Data Protection Regulation (GDPR) come into force. The EU Commission had already prepared a first draft in 2017. But due to fierce resistance from the business community, the EU had to suspend its adoption. Many companies fear that the regulation will damage their digital business.
The reform has now been on hold for two years because the member states cannot reach agreement. The advocates of an effective data protection in communication is opposed by a powerful interest group consisting of publishers, US-led advertising networks and Internet companies.
This results from their interaction in data marketing: European publishing houses supply the connection data of their online readers to global advertising networks. They generate user profiles from the huge amounts of data, which are constantly enriched with new detailed data on the characteristics, behaviour and buying habits of the respective person. In addition to the major players with their own platforms such as Google, Facebook and Amazon, there are European Internet groups such as Spotify and Zalando as well as service providers. This group is very much interested in the fact that the user must make as few clicks as possible for his or her consent in order to be able to process and market as much personal data as possible.
For whom is the ePrivacy Regulation important?
The regulation will probably affect every website operator, especially if they use cookies, tracking and profiling. In the future, consent to the use of cookies could be required for advertising analysis and tracking, but not for reach measurement and contract fulfilment. So far, under German law, the opt-out is sufficient.
Business models based on the 5G network, such as autonomous driving, would be prevented if the user did not agree to it. This also applies to indoor tracking in department stores. Currently, pseudonymous tracking is allowed there, but in future consent would have to be obtained.
Therefore, consent to data processing and data protection-friendly basic settings of apps and browsers are at the core of the planned regulation. The mandatory consent of the user to each new type of processing of his personal data is also a core of the GDPR.
External Data Protection Officer
You are welcome to contact us as external data protection officer (DPO) order. We also offer individual consulting services as well as audits and will be happy to provide you with a non-binding offer. You can find more information about our external data protection officers on our website.
What are the contentious issues in the EU negotiations?
Particularly controversial is the possibility of secure, pseudonymised Further processing of metadata debated. The most important sticking point in the negotiations is the further processing of telecommunications connection data. If the consent of the user or the anonymisation are necessary, this will bring down various business models. The cookie solution, on the other hand, is not in dispute at present, according to which the service can be provided without consent, but tracking requires consent.
The EU Council of Ministers is still divided on important points. Agreement is needed before the trialogue negotiations with Parliament and the Commission can begin. An agreement is unlikely to be reached before 2020. A two-year transition period may be agreed at that time. In November, the Finnish EU Presidency intends to present the next compromise proposal.
Companies can already prepare for the planned e-Privacy Regulation by clarifying how they work with service providers on cookies and tracking and how these procedures are used.
- Data protection officers report from the field - March 26, 2020
- Data protection and data security while working from home - March 26, 2020
- Use of social networks by public authorities - March 9, 2020