OPINION of the European Data Protection Supervisor on the Proposal for a Regulation on Privacy and Electronic Communications (ePrivacy Regulation).
The EDPS shares the view that there is a continued need to have specific rules to protect the confidentiality and security of electronic communications in the EU. He therefore welcomes the Commission proposal for a modernised, updated and strengthened ePrivacy Regulation. He also welcomes the declared ambition to provide a high level of protection with respect to both content and metadata.
However, the EDPS remains concerned about a number of provisions, particularly the following:
- the definitions under the proposal must not depend on the separate legislative procedure concerning the Directive establishing the European Electronic Communications Code;
- the provisions on end-user consent need to be strengthened. Consent must be requested from the individuals who are using the services, whether or not they have subscribed for them and from all parties to a communication;
- the relationship between the General Data Protection Regulation (GDPR) and the ePrivacy Regulation should not leave loopholes for the protection of personal data;
- access to websites must not be made conditional upon the individual being forced to ‘consent’ to being tracked across websites (cookie walls);
- the proposal fails to ensure that browsers will by default be set to prevent tracking individuals' digital footsteps;
- the exceptions regarding tracking of location of terminal equipment are too broad and lack adequate safeguards.
The EDPS notes the importance of a swift processing of this dossier by the legislators, to ensure that the ePrivacy Regulation, as intended, may apply as of 25 May 2018, the date when the GDPR itself will also become applicable.