On 10 January 2017, the European Commission published its long-awaited proposal for an e-Privacy Regulation (ePR) to replace the 2002 e-Privacy Directive (ePD). This new regulation complements the General Data Protection Regulation (GDPR), adding more clarity and legal certainty for individuals and businesses – helping to protect our personal data by providing specific rules related to our freedoms in the online environment.

We agree with the Commission that additional rules are necessary to ensure the security of all types of electronic communications. The Commission’s ePR proposal provides a solid basis for this. However, the aim of the regulation is to protect privacy and confidentiality of electronic communications regardless of the medium used, and to prohibit access to information stored in or transmitted by individual’s devices. It should improve trust and security in the digital environment, to the benefit of all stakeholders. For the regulation to achieve these goals, several improvements are necessary.

Key comments:

extending the scope of application of the new rules is a welcome improvement;

the principle of “privacy by default” should not be partly replaced by the proposed “privacy by option”;

the way in which consent will be required needs further clarifications;

we need to secure citizens from ubiquitous tracking and ban sites from blocking visitors who do not accept cookies;

the proposal to allow offline tracking of users needs to be amended to bring it into line wit the rest of the proposal;

collective redress mechanisms need to be explicitly mentioned.

Our quick guide on the proposal of an e-Privacy Regulation presents the key issues and solutions that should be taken into consideration by the European Parliament and the Council of the European Union that will soon discuss the proposed regulation.

Our position paper explains thoroughly the core elements of the Commission’s draft regulation, identifies where they need improvement, and suggests solutions to fix the problems.

We hope the policy makers will not fail individuals and businesses. We urge them to take the necessary steps to ensure that privacy and confidentiality of communications of European citizens are not considered as a disposable asset, but as a fundamental right to be strongly protected.

Quick guide on the proposal of an e-Privacy Regulation (09.03.2017)

https://edri.org/files/epd-revision/ePR_EDRi_quickguide_20170309.pdf

EDRi’s position on the proposal of an e-Privacy Regulation (09.03.2017)

https://edri.org/files/epd-revision/ePR_EDRi_position_20170309.pdf

e-Privacy Directive: Frequently Asked Questions (05.10.2016)

https://edri.org/epd-faq/

e-Privacy Directive revision: Document pool

https://edri.org/eprivacy-directive-document-pool/