On 4 November 2020, nearly four years on from the European Commission’s initial proposal, the German Presidency of the Council of the European Union released the latest draft of the proposed ePrivacy Regulation. EU Member States are yet to agree on a final version of the text.
The latest proposal also prevents organisations from relying on legitimate interests as a ground for processing electronic communications metadata (e.g. details of the sender and time a communication was sent) which undermines the ability of electronic communications service providers to use such data for their own purposes. It’s therefore no surprise that the latest draft has been rebuffed in a joint statement of the European Telecommunications Network Operators' Association and GSMA Europe, which calls on Member States to not support the German Presidency’s proposal.
It’s not just the telecoms industry that has concerns. The EDPB – the consortium of EU data protection supervisory authorities – has issued a statement cautioning that the latest Council discussions risk creating fragmented supervision, procedural complexity, and a lack of consistency and legal certainty for individuals and companies. To ensure harmonised interpretation and enforcement across the EU, the EDPB calls on Member States to use the cooperation and consistency mechanism, established by the GDPR, for the supervision of the ePrivacy Regulation.
The latest draft doesn’t diverge from previous versions in respect of direct marketing requirements, but readers are reminded that the ePrivacy Regulation is set to significantly change the landscape. In particular, it will bring a broader range of services into the scope of the rules for sending direct marketing communications, meaning that some channels of communication which can presently be used by marketers on an opt-out basis (including, for example, live phone calls) will be subject to a requirement to obtain consent.
It’s unclear how close a final text of the ePrivacy Regulation is. Birgit Sippel, German MEP and the European Parliament’s rapporteur on the draft, has quashed any hopes of it being agreed before the European Commission’s deadline of 21 December 2020 (Politico reports), so it seems likely that the debate is set to continue in to the New Year.
The draft text creates a restrictive framework for processing communications metadata that is neither future-proof, nor aligned with the GDPR... Germany’s proposed text fails to bridge the gap between protecting privacy and confidentiality and stimulating innovation in European service providers.