The EU Council has proposed amendments to the draft ePrivacy Regulation (the Regulation). The Presidency points out that work on the text will be incremental and this is only its first redraft.
Proposed amendments include:
Scope – The Presidency clarifies the precise material and territorial scope of the Regulation, as including:
- the processing of electronic communications content in transmission, and of electronic communications metadata carried out in connection with the provision of electronic communications services to end-users in the EU;
- information related to, processed by, or stored in the terminal equipment of end users located in the EU;
- the placing on the market of software permitting electronic communications, including the retrieval and presentation of information on the internet;
- the offering of a publicly available directory of end-users of electronic communications services located in the EU, and
- the sending or presenting of direct marketing communications to end users located in the EU.
Representatives – The Presidency streamlines the provisions on representatives with the corresponding provisions of the GDPR. A representative is required to be appointed where the provider of an electronic communications service is not established in the EU, and the designation of a representative shall be without prejudice to legal actions, which could be initiated against the provider it represents.
Consent – The Presidency simplifies the wording of the consent provision, and aligns the conditions for valid consent with the GDPR. The possibility to withdraw consent is already provided by the GDPR, and the Regulation adds the obligation that the end-user should be reminded of that possibility. The Presidency proposes extending the interval for the reminder to 12 months (rather than 6 months as proposed by the Commission).
Privacy Settings – The Presidency proposes retaining the Commission’s proposal to allow consent to be expressed using appropriate technical settings of software. It has been clarified that the end-user should be asked to consent to the settings upon installation or upon ‘first usage’ of the software.
Confidentiality – The Presidency clarifies that any listening, tapping, storing, monitoring, scanning or other kinds of interception or surveillance of electronic communications data, constitutes ‘processing of data’ and is therefore prohibited except where expressly permitted by the Regulation.
Supervisory Authorities – In response to delegations’ requests for more flexibility regarding the appropriate supervisory authority to monitor application of the Regulation, the Presidency proposes keeping the Data Protection Authorities as authorities for monitoring the application of Chapter II (Protection of electronic communications of end-users and the integrity of their terminal equipment), but giving Member States discretion to designate other supervisory authorities for monitoring the application of Chapter III (Natural and legal persons’ right to control electronic communications, i.e. restricting direct marketing communications).
Class Actions: A new provision has been proposed, providing for the possibility of class actions for end-users who are natural persons to ensure consistency with the GDPR.
Compensations, Liability & Fines: The Presidency has not suggested any changes to the Commission’s proposal to allow end-users of electronic communications to receive compensation for material or non-material damage (i.e. emotional distress), resulting from an infringement of the Regulation, or to allow supervisory authorities to impose fines of up to €20 million or 4% of annual worldwide turnover. These provisions are in line with compensation, liability and fine provisions in the GDPR.
The Presidency has invited delegations to express their views on the proposed changes at upcoming WP TELE meetings on 19th, 20th and 25th September 2017.