Spam, Cookies And Consent: 7 Talking Points From Proposals To Reform The ePrivacy Directive

Author:Mr Philip Nolan, Oisin Tobin and Jevan Neilan
Profession:Mason Hayes & Curran

In July 2016, the Article 29 Working Party ("WP29") and the European Data Protection Supervisor ("EDPS") published opinions (the "Opinions") on the reform of the ePrivacy Directive (2002/58/EC) (the "Directive"). These Opinions followed a public review and consultation on the Directive, carried out by the European Commission ("EC"). While these sets of proposals are non-binding, they can still influence how the Directive is reformed. We take a look at the main talking points.


The Directive currently regulates an assortment of areas, including cookies, spam and the use of location data. It also covers many telecoms-specific issues, such as billing, collection of traffic data and the interception of communications. The recent Opinions support the retention of many of the features of the Directive while extending the protections to cover services of non-telecoms providers (such as Skype and Viber). The Opinions also include proposals to regulate Wi-Fi hotspots and reform existing rules on spam, cookies and consent.

  1. Over-the-top (OTT) Service Providers

    OTT service providers are those that use the existing telecoms and internet infrastructure to provide their services. Examples of OTT service operators include Skype, Viber and FaceTime.

    Currently, the Directive does not require OTT service providers to implement the same protections as required from telecoms communications providers. However, both Opinions recommend extending certain existing obligations to cover services that are "functionally equivalent" to telecoms service providers, such as OTT service providers. This would mean that OTT service providers would be made subject to obligations around interception and the processing of traffic data.

  2. Interception of Electronic Communications

    The WP29 Opinion recommends extending the existing prohibition on the interception of electronic communications so that it covers group communications, such as conference calls. The Opinion also recommends that 'interception' and 'surveillance' be interpreted broadly to include the use of unique identifiers. Given the potential for location and traffic data to reveal an individual's habits and private life, the Opinions also include proposals to create a more harmonised concept of 'metadata'.

  3. Wi-Fi Hotspots

    The Opinions favour extending the protections on user communications to cover "publicly accessible private networks". Examples of these networks are hotel or train Wi-Fi, workplace...

To continue reading