Home » Policy Landscape » Privacy » ePrivacy Directive

ePrivacy Directive

The proposal for a Regulation on Privacy and Electronic Communications was adopted by the Commission in January 2017. The proposal reviews Directive 2002/58/EC, that was previously reviewed by Directive 2009/136/EC.
The main objectives of the proposal for a Regulation on Privacy and Electronic Communications are to ensure the confidentiality of all electronic communications for endusers (e.g., the content of a phone call, SMS, instant message, VoiP call, e-mail, and the related metadata, such as time, duration and location of the communication); protection of the terminal equipment information of end-users (e.g., access to photos stored in a phone or the storage of tracking cookies when visiting a website); transparency and end-user empowerment regarding software privacy settings (e.g., browser privacy settings); and consistency with Regulation (EU) 2016/679 ("GDPR") via inter alia the repeal of the provisions regarding personal data breach notifications and alignment of the comptences of
the supervisory authorities.
Challenges:

  1. the purposes for which electronic communications data can be processed without the consent of the end-user;
  2. whether the use of ‘cookie walls’ is allowed;
  3. whether software providers must provide options for privacy settings and inform the end-user thereof;
  4. which public interests may justify restrictions to certain rights and obligations under the Regulation, including issues of data retention;
  5. which authorities are appointed as supervisory authorities (data protection authorities or others).

News

On the event of the adoption of the draft regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union, the AI4HealthSec project kicked off a process to provide its opinion.