Paris, 6 March 2017 — The nomination of Marju Lauristin last Tuesday, MEP of the “Socialists&Democrats” group, as a rapporteur of the ePrivacy regulation on “the respect of privacy and personal data protection in electronic communications” kicks off negotiations at the European Parliament. It is an opportunity for La Quadrature du Net to publish its arguments and recommendations, which it will promote loud and strong during the upcoming months with MEPs of all political sides.

The five years of negotiations which have been needed to adopt the General Data Protection Regulation (GDPR) resumed with greater intensity with the ePrivacy proposal. Given the shortcomings in the GDPR, there is still a long way to go to ensure that Europeans’ privacy is respected and that trust between service providers and individuals is restored. The wind is turning and the digital lobbies are beginning to sense that it’s not favorable to them: the European Commission has not yielded to their calls for the suppression of the text, and studies on this matter are multipltying to show that Europeans are increasingly concerned about protecting their privacy on the Internet. But a natural adaptation of service providers to the changes in society, so dear to the laissez-faire enthusiasts, does not seem to be under way. On the contrary, new techniques and tracking tools are constantly being developed, and electronic communications service providers increasingly seek to collect and process our metadata and analyze our content.

The future ePrivacy regulation on the respect for privacy and personal data protection in electronic communications is therefore essential to counter those harmful developments and to restore power to the users.

Yet the battle is far from won. As we said in early January, the Commission’s proposal turns out to be far below what the speeches say, and the attacks from some conservative Members of European Parliament (MEP) against even the usefulness of the text are extremely disquieting.

The arguments published today are a summary of our recommendations and the points that La Quadrature du Net will promote in the coming months with MEPs and the member states. La Quadrature recommends that MEPs should:

cut back new opportunities for service providers to deal with electronic communications metadata;

force data to be processed anonymously whenever possible;

block third-party cookies by default in browsers (and any other access to the device by third parties);

rebuke the Commission’s proposal allowing devices to be tracked in certain physical locations (whether private, such as in a shop, or public, such as a square or a park) and formally prohibit such highly intrusive practices;

limit as much as possible derogations granted to member states for national security reasons. It is on the basis of these regulations that the member states have been able to introduce data retention measures in the past, or may introduce measures which weaken encryption tools and electronic communications confidentiality in the future;

declare that infringing on the protection of terminal device (illegally accessing a device, or tracking a device) is a very serious violation that should be subject to the highest penalties provided for in the General Regulations on Data Protection;

These recommendations – somewhat technical – will soon be supplemented by more political explanations, that is to say arguments that everybody will be able to use, and by a calendar so that together, we can fight this battle for the defense of our privacy and to regain control of our data.