The EU member states comply with the Council’s textual content for the information safety regulation for digital communications

On February 10, 2021, representatives of the EU member states reached an agreement on the negotiating mandate of the Council of the European Union (the “Council”) for the draft data protection regulation for electronic communications, which will replace the current directive on data protection for electronic communications. The text, approved by the EU Member States, was drawn up under the Portuguese Presidency and will form the basis for negotiations between the Council and the European Parliament on the final terms of the data protection regulation for electronic communications.

In its press release, the Council highlights the following key elements of the draft data protection regulation for electronic communications:

  • Coverage of both electronic communication content and communication metadata (such as location, time and recipient of a communication). The text maintains the general principle that electronic communications data are confidential, which means that any malfunction (I.The interception, monitoring or other processing of data in connection with communications by persons other than the parties involved in the communication is prohibited, unless this is permitted by the ePrivacy Regulation. The processing of electronic communication data without the consent of the user is permitted, for example, if the integrity of communication services has to be ensured, malware or viruses have to be identified or if the laws of the EU or the EU member states allow processing for the prosecution of criminal offenses or the prevention of threats to public security . With regard to communication metadata, for example, the text enables processing for billing purposes, detecting or stopping fraudulent use, and protecting the vital interests of users, such as monitoring the spread of epidemics. In addition, providers of electronic communications networks and services can, in certain situations, process metadata for a purpose other than the one recorded, provided that this purpose is compatible with the original purpose and strict, specific protective measures apply to this purpose;
  • Machine-to-machine data that is transmitted over a public network, as this is considered necessary to protect data protection rights in connection with Internet of Things applications;
  • Users based in the EU, regardless of whether the processing of their data takes place outside the EU or the service provider is located in a non-EU jurisdiction;
  • With regard to the use of cookies and other technologies in which information is stored on or collected from a user’s device, the Council text provides that the use of these technologies is only permitted if the user has consented or specified for certain purposes was in the ePrivacy Regulation. In addition, the text emphasizes that users should have a real choice regarding the use of cookies or similar technologies. Access to a website depends on the consent of cookies as an alternative to a paywall (I.The use of so-called “cookie walls” is only permitted if the user can choose between this offer and an equivalent offer from the same provider that does not agree to the use of cookies. The Council’s text also provides that users can consent to the use of certain types of cookies by whitelisting one or more providers in their browser settings.

The draft Electronic Communications Data Protection Regulation also includes requirements related to line identification, public directories, and unsolicited and direct electronic marketing.

The Council will now start talks with the European Parliament to negotiate the final text. These negotiations could prove difficult as the Council text could be seen as less privacy protective than the European Commission’s original January 2017 proposal.

Following its adoption by the Council and the European Parliament, the draft text provides for a transition period of two years, starting twenty days after the publication of the final text of the data protection regulation for electronic communications in the EU Official Journal.

Read the final draft of the ePrivacy Regulation.

Comments are closed.