12 Jan EU Council Releases Draft ePrivacy Regulation
Written by: Brett Lawrence, Esq.
On January 5, 2021, the Council of the European Union released a new draft version of the ePrivacy Regulation. The draft regulation is intended to replace the current ePrivacy Directive since the European Commission approved the first draft ePrivacy Regulation back in January 2017. In fact, this new draft version is the 14th version in the last four years.
If approved, the ePrivacy Regulation will regulate electronic communications service providers who process data of individuals residing in the EU. Such regulations would include rules for (1) collecting user “cookies”; (2) collecting location-related data; (3) unsolicited emails or text messages; and (4) the interception of communications.
As it stands now, the ePrivacy Directive is still in full force and effect. Although the ePrivacy Directive currently has such aforementioned provisions, the ePrivacy Regulation would complete the European Union’s General Data Protection Regulation. The fundamental difference between the two being that the ePrivacy Regulation would apply uniformly and be legally binding across the EU. While the ePrivacy Directive currently requires local regulations for implementation; meaning, each member state may have country-specific laws different from other countries. The ePrivacy Regulation would override those laws and create a single data protection standard.
The latest draft of the ePrivacy Regulation primarily adheres to the previous draft, and includes the following additions:
- Widens the territorial scope of the draft regulation to include areas where member state laws apply by virtue of public international law.
- Defines “location data.”
- Authorizes the processing of electronic communications, including metadata, for purposes consistent with the initial reason(s) for which the data was first collected.