OPINION of the European Data Protection Supervisor on the Proposal
for a Regulation on Privacy and Electronic Communications (ePrivacy
Regulation).
The EDPS shares the view that there is a continued
need to have specific rules to protect the confidentiality and
security of electronic communications in the EU. He therefore
welcomes the Commission proposal for a modernised, updated
and strengthened ePrivacy Regulation. He also welcomes the declared
ambition to provide a high level of protection with respect to both
content and metadata.
However, the EDPS remains concerned about a number
of provisions, particularly the following:
- the definitions under the proposal must not
depend on the separate legislative procedure concerning the Directive
establishing the European Electronic Communications
Code;
- the provisions on end-user consent need to be
strengthened. Consent must be requested from the individuals who
are using the services, whether or not they have subscribed for
them and from all parties to a communication;
- the relationship between the General
Data Protection Regulation (GDPR) and the ePrivacy
Regulation should not leave loopholes for the protection of
personal data;
- access to websites must not be made conditional
upon the individual being forced to ‘consent’ to being
tracked across websites (cookie walls);
- the proposal fails to ensure that browsers will by
default be set to prevent tracking individuals' digital
footsteps;
- the exceptions regarding tracking of location of
terminal equipment are too broad and lack adequate
safeguards.
The EDPS notes the importance of a swift processing
of this dossier by the legislators, to ensure that the ePrivacy
Regulation, as intended, may apply as of 25 May 2018, the date when
the GDPR itself will also become applicable.