On December 3, 2019, the EU’s new Commissioner for the Internal Market, Thierry Breton, suggested a change of approach to the proposed e-Privacy Regulation may be necessary.  At a meeting of the Telecoms Council, Breton indicated that the Commission would likely develop a new proposal, following the Council’s rejection of a compromise text on November 27.

The proposed Regulation is intended as a replacement to the existing e-Privacy Directive, which sets out specific rules for traditional telecoms companies, in particular requiring that they keep communications data confidential and free from interference (e.g., preventing wiretapping).  It also sets out rules that apply regardless of whether a company provides telecoms services, including restrictions on unsolicited direct marketing and on accessing or storing information on users’ devices (e.g., through the use of cookies and other tracking technologies).

Substantively, the proposed Regulation aims to extend the rules that currently apply specifically to telecoms companies to “over-the-top” service providers.  Initial versions included stringent restrictions on when electronic communications data (including both content and metadata) could be used without consent, which was the subject of significant debate and disagreement.  Despite proposals from both the European Commission and Parliament, negotiations on a Council proposal have been in deadlock for more than two years, culminating in the rejection of the Finnish Presidency’s text after substantial, but ultimately unsuccessful, efforts to find agreement.

The Council has released a progress report, noting the areas on which agreement could not be reached, including:

  • The scope of the Regulation, particularly its application to processing of electronic communications data by end-users of a service or by entrusted third parties who might receive that data.
  • The appropriate solution to allow the processing of electronic communications data for the purposes of prevention of child abuse imagery.
  • Whether an exception should be included to permit the processing of electronic communications data for the prevention of other serious crimes, in particular terrorism.
  • The appropriate rules for storing or accessing information on users’ devices, which should protect existing business models and also respect the GDPR’s rules. For example, there was disagreement around whether giving consent to the use of cookies or other tracking technologies could be a condition of access to a website or service.
  • How to facilitate effective cooperation between national supervisory authorities, and what role the European Data Protection Board should have.
  • How the proposed Regulation will operate in relation to new technologies, particularly machine-to-machine and Internet of Things services.

Following the Council’s failure to agree a proposal and in light of the installation of the new Commission, questions were asked about the viability of the current proposals.  Although Breton later stated to the press that all options remain on the table, including continuing with negotiations on those existing proposals and taking into account agreed elements of the current proposal successes, his statement suggests that the Commission ultimately may reconsider the approach to e-Privacy.  It remains to be seen, and we will continue to monitor, exactly how any new approach will address the concerns raised in the Council and be reconciled with the views of the European Parliament.

Photo of Lisa Peets Lisa Peets

Lisa Peets leads the intellectual property and technology and media groups in the firm’s London office. Ms. Peets divides her time between London and Brussels, and her practice embraces legislative advocacy, trade and IP enforcement. In this context, she has worked closely with…

Lisa Peets leads the intellectual property and technology and media groups in the firm’s London office. Ms. Peets divides her time between London and Brussels, and her practice embraces legislative advocacy, trade and IP enforcement. In this context, she has worked closely with leading multinationals in a number of sectors, including many of the world’s best-known software and hardware companies.

On behalf of her clients, Ms. Peets has been actively engaged in a wide range of law reform efforts in Europe, on multilateral, regional and national levels. This includes advocacy on EU and national initiatives relating to e-commerce, copyright, patents, data protection, technology standards, compulsory licensing, IPR enforcement and emerging technologies. Ms. Peets also counsels clients on trade related matters, including EU export controls and sanctions rules and WTO compliance.

In the IP enforcement space, Ms. Peets coordinates a team of lawyers and Internet investigators who direct civil and criminal enforcement actions in countries throughout Europe and who conduct global notice and takedown programs to combat Internet piracy.

Ms. Peets is a member of the European Commission’s Expert Group on reform of the IP Enforcement Directive.

Photo of Paul Maynard Paul Maynard

Paul Maynard is an associate in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online…

Paul Maynard is an associate in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online platforms. He also advises clients on how to respond to law enforcement demands, particularly where such demands are made across borders.

Paul advises emerging and established companies in various sectors, including online retail, software and education technology. His practice covers advice on new legislative proposals, for example on e-privacy and cross-border law enforcement access to data; advice on existing but rapidly-changing rules, such the GDPR and cross-border data transfer rules; and on regulatory investigations in cases of alleged non-compliance, including in relation to online advertising and cybersecurity.

Photo of Sam Jungyun Choi Sam Jungyun Choi

Sam Jungyun Choi is an associate in the technology regulatory group in the London office. Her practice focuses on European data protection law and new policies and legislation relating to innovative technologies such as artificial intelligence, online platforms, digital health products and autonomous…

Sam Jungyun Choi is an associate in the technology regulatory group in the London office. Her practice focuses on European data protection law and new policies and legislation relating to innovative technologies such as artificial intelligence, online platforms, digital health products and autonomous vehicles. She also advises clients on matters relating to children’s privacy and policy initiatives relating to online safety.

Sam advises leading technology, software and life sciences companies on a wide range of matters relating to data protection and cybersecurity issues. Her work in this area has involved advising global companies on compliance with European data protection legislation, such as the General Data Protection Regulation (GDPR), the UK Data Protection Act, the ePrivacy Directive, and related EU and global legislation. She also advises on a variety of policy developments in Europe, including providing strategic advice on EU and national initiatives relating to artificial intelligence, data sharing, digital health, and online platforms.