According to the original ambitious plans, the new e-Privacy Regulation, which would replace Directive no. 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), should apply from 25 May 2018, such as the GDPR (the new EU Data Protection Regulation).
The first draft of the e-Privacy Regulation was issued in January 2017 by the European Commission (you can find more information on this first proposal in my former post here). During 2017, a lot of discussions took place regarding the content and the wording of the e-Privacy Regulation. Besides, the opinion of Article 29 Working Party published on April 4, 2017 (Opinion no. 1/2017), the European Data Protection Supervisor (EDPS) also published his recommendations on specific aspects of the proposed e-Privacy Regulation.
On October 23, 2017, the European Parliament issued a report on the draft e-Privacy Regulation that contained several modification proposals to the original draft published by the Commission.
Finally, on December 5, 2017, the European Council published a consolidated version of the e-Privacy Regulation that shows the status of the discussion within the Council regarding the e-Privacy Regulation.
What are the main points of discussion?
- The scope of the e-Privacy Regulation.
- The regulation of the legal basis for processing of electronic communications data, electronic communications metadata and electronic communications content (Article 6 of the draft e-Privacy Regulation).
- The rules regarding the protection of information stored in terminal equipment of end-users (Article 8 of the draft e-Privacy Regulation).
- The use of tracking technologies (Article 10 of the draft e-Privacy Regulation).
- The direct marketing rules (Article 16 of the draft e-Privacy Regulation).
- The distribution of supervision powers among competent authorities (Article 18 of the draft e-Privacy Regulation).
When will it come into effect?
The original plan was that the e-Privacy Regulation, such as the GDPR, should apply from 25 May 2018. However, it seems very unlikely that this tight schedule can be maintained. According to certain commentaries, “it will likely take until mid-2019 or the end of 2019 until the ePrivacy Regulation comes into force.”