Privacy & Information Security Law Blog

On April 11, 2016, the European Commission launched a public consultation to evaluate and review Directive 2002/58/EC on the processing of personal data and the protection of privacy in the electronic communications sector, also known as the e-Privacy Directive.

Technological advances and the advent of the EU General Data Protection Regulation (“GDPR”) have prompted the European Commission to review the e-Privacy Directive, which was last updated in 2009.

The review of the e-Privacy Directive has the following three main objectives:

• Assessing the need to further update the e-Privacy rules, which implies assessing the need to broaden the scope of those rules. The e-Privacy Directive currently applies only to traditional telecom providers, and not to over-the-top service providers that provide communications services such as Voice over IP, instant messaging and emailing over social networks.
• Ensuring consistency between the e-Privacy Rules and the future GDPR, including assessing any overlaps between the two (e.g., the notification of data security breaches) and ensuring more uniform implementation and consistent enforcement of the e-Privacy rules (e.g., applying the One-Stop Shop and consistency mechanisms of the GDPR to a new e-Privacy instrument, providing for specific fines in light of the GDPR, etc.).
• Enhancing security and confidentiality of communications throughout the EU, which implies assessing the need for additional legal measures to enforce security obligations. This also implies reviewing the effectiveness of the existing rules, in particular the consent requirement for storing information, or accessing information already stored, on a user’s device (e.g., by facilitating users’ ability to consent by other means) and the list of exceptions to that consent requirement.

The reform of the e-Privacy rules was discussed at a stakeholder workshop organized by the European Commission in Brussels on April 12. The European Commission has encouraged all relevant stakeholders to respond to the consultation through the European Commission’s consultation webpage. The consultation will be open through July 5, 2016. The European Commission also announced that it will conduct a Eurobarometer survey on e-Privacy to determine how European citizens feel about their privacy and confidentiality as well as possible policy actions.