Regulators Comment On Proposed ePrivacy Law Reforms

Author:Mr Philip Nolan, Jevan Neilan and Katie Nolan
Profession:Mason Hayes & Curran

Things move fast in the world of privacy and data protection. Recently, the collective group of EU data protection authorities, the Article 29 Working Party ("WP29"), has been particularly active. In addition to publishing guidelines and launching consultations regarding the General Data Protection Regulation ("GDPR"), WP29 also released its views on the proposed ePrivacy law reforms, which legislators are aiming to coincide with the commencement of the GDPR. We examine the views of WP29.

What is the ePrivacy Directive?

The ePrivacy Directive (2002/58/EC) (the "Directive"), currently implemented in Ireland through the 2011 ePrivacy Regulations, regulates a wide variety of uses of private information in the electronic communications sphere. The Directive is the origin of laws regarding the use of cookies and similar technologies, the collection and use of location data, and the sending of 'spam' and electronic direct marketing. The Directive also covers many telecoms-specific issues, such as billing, collection of traffic data and the interception of communications. While the Directive has been subject to amendments in 2005 and 2009, a more significant overhaul has now been proposed, in particular to reflect changes to data protection law with the introduction of the GDPR.

New Proposals

In July 2016, following a public review and consultation carried out by the European Commission, WP29 issued an opinion on the reform of the Directive. In January 2017, the European Commission proposed a new law to regulate ePrivacy issues (the "Proposed Regulation"). This Proposed Regulation is intended to replace the Directive, and will overhaul the laws relating to electronic communications, direct marketing, cookies and other issues. One of the biggest changes will be the extension of the rules relating to confidentiality of communications to so-called 'over-the-top' service providers: online messaging providers who are not regulated under the existing ePrivacy Directive. Changes to align enforcement with the GDPR are also proposed.

Regulators' views

In April 2017, WP29 issued an opinion on the Proposed Regulation. WP29 welcomed aspects of the Proposed Regulation, including the expansion to regulate 'over-the-top' service providers and the alignment of enforcement responsibilities with the GDPR.

However, WP29 has also expressed some significant concerns around the Proposed Regulation. In particular, WP29 highlighted issues regarding the proposed rules...

To continue reading