In all the excitement last week over the European Parliament’s approval of the General Data Protection Regulation (GDPR) and the US Privacy Shield, you may have missed that the European Commission published a consultation on Monday 11 April regarding the ePrivacy Directive. Don’t worry though, here is what you need to know:
What is the purpose of the consultation?
The consultation forms part of the Commission’s Digital Single Market (DSM) Strategy and is necessary given that the GDPR, once adopted, will impact the e-Privacy Directive which sets out some additional and specific rules regarding the processing of personal data in the electronic communications sector. Infamously, the e-Privacy Directive contains the almost uniformly derided cookie consent requirement, so many people are likely to want to input. It also contains rules on breach notification, consents for marketing by electronic means and use of traffic and location data.
The Commission is looking for comments on both how the Directive should be evaluated as well as views on possible solutions for its revision. It will use the feedback from the consultation to prepare a new legislative proposal on ePrivacy, which is expected by the end of 2016.
What questions are they asking?
The consultation has a lot of tick boxes to gauge understanding of the Directive and any perceived issues and problems, particularly in terms of coherence and efficiency. It also asks some interesting questions on approach. For example it clarifies that the Directive currently only applies to publicly available electronic communication services but not to over the top (OTT) services such as unmanaged VoIP, instant messaging, web mail and social media messaging). It asks for thoughts as to whether this creates an uneven playing field and lack of protection for citizens and what networks and services should be covered.
Also of particular interest are questions about laws on imposing security requirements and a call for views on some specific suggestions for cookie consents. In relation to the latter, it asks whether information society services should be required to make available paid services (without behavioural advertising) as an alternative to those financed through the use of personal information and/or whether information society services should not have the right to prevent access to their non-subscription based services where users refuse the storing of cookies which are not necessary for the functioning of the service. The consultation also probes thoughts on opt-in vs opt-out approaches for email marketing.
How do I give feedback and when by?
You can find the questionnaire here. The deadline is 5 July 2016.