Complementing the GDPR: The ePrivacy Regulation Part I

This is the first blog of a series of posts which will explore aspects of the ePrivacy Regulation adopted on 10 January 2017 which aims to provide stronger privacy protections in electronic communications.

On 10 January 2017 the European Commission adopted the Proposal for a Regulation on Privacy and Electronic Communications (the Draft ePrivacy Regulation) concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC and its Proposal for a Regulation on the protection of individuals with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC which will regulate how personal data is treated by EU Institutions and bodies.

The legislative process for the proposed Regulations has officially begun and the Commission has requested that the European Council and Parliament work in order to adopt them by May 2018 when the GDPR will become applicable, though this timeline seems to be very ambitious.

The ePrivacy Regulation will be applicable to all electronic communications services, which means voice, text, VoIP, instant messaging social media messaging, webmail, and machine-to-machine communications, and therefore to “new” players like Google, WhatsApp, and Skype who are not regulated by the current rules. Importantly, the Regulation will likely apply to other services that include electronic communications such as eCommerce sites, video games, and more.

The ePrivacy Regulation will have extraterritorial applicability like Regulation (EU) 2016/679, applying to those who process data in the provision electronic communications services to EU citizens, and should provide both a high level data protection for users and clearer rules for businesses.

Comments are closed.