Wednesday, 11 January 2017

More privacy protection?

Yesterday, the European Commission published its proposal (COM(2017) 10 final) for a Regulation on Privacy and Electronic Communications, which is meant to repeal the e-Privacy Directive (2002/58/EC). The Commission, on the basis of the conducted REFIT exercise, evaluates the current framework as still sound as to its objectives and principles. The need for review comes from the technological changes in the market, mostly the popularity of Over-the-Top communications services, which are not currently subject to regulation in e-Privacy Directive. The new Regulation is meant to be lex specialis to General Data Protection Regulation 'and will particularise and complement it as regards electronic communications data that qualify as personal data'. (p. 2 of the Proposal)

Some of the interesting provisions in the new draft Regulation (see more here):
  • it will apply also to provision of e-communications for free;
  • it uses the same definitions as GDPR and European Electronic Communications Code;
  • it protects both data and metadata (incl. traffic and location data);
  • conditions for consent are the same as in GDPR
  • consent may be expressed by 'using the appropriate technical settings of a software application enabling access to the internet' - for the purpose of consenting to processing and storage of personal data through terminal equipment of end-users 
  • withdrawal of consent needs to be possible - with reminders about this option being sent every 6 months, as long as the processing continues
  • software needs to offer the option to prevent 3rd parties from storing information on the terminal equipment of an end-user or processing information already stored there
  • upon installation end-users will need to be prompted to choose and consent to a privacy setting; with already installed software such consent will be required during the first update thereof - not later than 25 August 2018
  • right to compensation for material and non-material damage
  • administrative fines of up to 4% of global turnover
First concerned reactions of the press worried about the industry (!):
"Will this EU privacy proposal lead to a more trustworthy internet or a more annoying one?"
"WhatsApp, Facebook and Google face tough new privacy rules under EC proposal"