The EDPS published an Opinion
on the proposal for an ePrivacy Regulation on 24 April.
On publishing his Opinion, Giovanni Buttarelli, EDPS, said: ‘I welcome and support the
Commission’s ambitious attempt to provide for the comprehensive protection of electronic
communications. The extension of confidentiality obligations to a broader
range of providers and services is a particularly important step forward, which
reflects recent technological developments and our changing
relationship with technology. However, certain improvements are necessary if
the Regulation is to deliver on the promise of a high level of protection for
electronic communications.’
In his July 2016 preliminary Opinion on
the review of the ePrivacy Directive, the EDPS called for smarter, clearer and
stronger rules for ePrivacy. The Commission’s proposal represents an ambitious
attempt to provide this. However, its complexity is daunting. By
splitting communications data into a range of different types, each entitled to
a different level of confidentiality and subject to different exceptions, there
is a risk that gaps in protection might emerge.
The EDPS also raises concerns over the Commission’s
intention to base the definitions on which the proposal relies on the European
Electronic Communications Code, which is yet to be finalised. The EDPS notes
that no legal justification exists for linking the new ePrivacy Regulation to
the Code and holds that the market-focused definitions provided by the Code are
simply not appropriate for dealing with fundamental rights. He therefore
suggests that a set of definitions, which take into account the specific scope
and objectives of the new rules, are included in the ePrivacy Regulation
itself.
The new rules must also take into account the processing
of electronic communications data by individuals or organisations other
than the eCommunications providers covered in the proposal. The additional
protection the proposal offers to communications data is of little use if the
rules can be circumvented by transferring communications data to a third party,
for example. In line with his recent Opinion
on the Commission’s proposal for a Directive on digital content, the EDPS also
stresses the need for the Regulation to ensure that no communications are
subject to unlawful tracking and monitoring without freely-given and genuine
user consent.