BIS Consultation on revised E-Privacy Directive: Good news for website owners, bad news for communication service providers?

Anna Soilleux

This month, BIS published a consultation entitled “Implementing the revised EU electronic communications framework: Overall approach and consultation on specific issues”.  The consultation sets out, inter alia, the Government’s approach to the implementation of the revised E-Privacy Directive.

 The Government is seeking views on the changes required by the Directive, which include:

  • the establishment of a system for notifications to the Information Commissioner in the event of a personal data security breach
  • the introduction of “effective, proportionate and dissuasive penalties” for any infringements of the provisions of the revised Directive
  • a new opt-in requirement for cookies, from a “right to refuse” to obtaining consent

 Website owners and online advertising providers will be pleased with the Government’s position on the implementation of the opt-in requirement for cookies.  The Government rejects the establishment of an opt-in system which would mean that users would have to consent to every cookie placed on their computer.  Instead, it intends to allow online providers to take advantage of Recital 66 of the Citizens’ Rights Directive which makes it clear that the user’s willingness to accept cookies “may be expressed by way of using the appropriate settings of a browser or other application“. However, the Government’s approach is likely to be in conflict with the position of the Article 29 Working Party which has demanded strict opt-in standards for the use of cookies in the course of online behavioural advertising.

The impact assessment (but interestingly, Datonomy notes, not the consultation itself) sets out the Government’s plans to introduce a requirement on providers of electronic communication services to have procedures in place (at the provider’s cost) to be able to respond to requests for information from the police or security services.  Datonomy anticipates this may cause some concern amongst providers and privacy organisations alike.  The Government also proposes to give the ICO powers to request information from providers to monitor and enforce compliance.

The UK has until 25 May 2011 to implement the revised European Framework on Electronic Communications.  BIS invites comments by 3 December 2010.

Leave a Reply

Your email address will not be published. Required fields are marked *