At long last, EU member states have agreed a final draft text for the proposed Regulation on Privacy and Electronic Regulations (ePrivacy Regulation), which will replace the existing ePrivacy Directive (2002/58/EC). The draft text will now be subject to negotiations between the Council of the European Union and the European Parliament.
Here are some initial observations:
Cookie walls (denying a user access to a website unless the user consents to the use of cookies) will be permitted provided the user is given an equivalent offer by the same provider that does not involve consenting to data use (e.g. a subscription model). However, there's no broad legitimate interest ground for the use of cookies.
Unsolicited marketing via 'electronic communications services' (which is a broader concept than mere email/sms, which the current marketing rules are more or less limited in scope to) is prohibited unless the end-user has given consent. Similar to current exemptions, there will be an exemption where the marketer has obtained the end-user's contact details in the context of a purchase (but not if merely 'during the course of negotiations for a purchase'), and where the marketer gives the end-user the opportunity to object to marketing and the marketing relates to the marketers own products or services only.
Further analysis will follow.
Robust privacy rules are vital for creating and maintaining trust in a digital world. The path to the Council position has not been easy, but we now have a mandate that strikes a good balance between solid protection of the private life of individuals and fostering the development of new technologies and innovation. The Portuguese presidency is very pleased to launch talks now with the European Parliament on this key proposal.