European Parliament approves ePrivacy regulation by a narrow margin

By November 3, 2017EU, UK

By Anastasios Stampelos

In a close vote, the European Parliament gave the mandate to commence inter-institutional negotiations with the Council of Ministers on the ePrivacy Regulation by 318 to 280 in favour during its Plenary meeting of the 26th October. This narrow mandate was also reflected in the vote of the Committee on Civil Liberties, Justice and Home Affairs on the 19th October with 31 to 25 votes in favour. In a procedure that is rarely used in the European Parliament, 74 MEPs challenged the initial mandate and triggered a Plenary vote which gave the final green light to enter the inter-institutional negotiations. The political fight and the division created amongst MEPs highlight the importance of the ePrivacy regulation, which touches upon sensitive data protection issues for the EU citizens.

The ePrivacy regulation is considered to be complementary to the General Data Protection Regulation (GDPR) adopted by the EU and expected to enter into force as of 25th May 2018. While the GDPR is expected to coordinate data privacy rules across the EU, the ePrivacy regulation is specifically focusing on the protection of personal electronic communication data. The Regulation is aiming at creating new rules in areas such as confidentiality in electronic communications, use of cookies and users’ consent.

On confidentiality, the EU lawmakers considered the existing ePrivacy Directive outdated in order to cover the new types of online communications. The ePrivacy regulation is aiming at broadening the scope of its applicability from traditional forms of telecommunications (offline) to online communications. Under the scope of the ePrivacy regulation is also the so-called metadata, any type of direct marketing communications as well as any machine-to-machine data including the Internet of Things.

Cookies and especially third-party cookies related to online advertising are the most affected by the latest draft of the new regulation. As the draft law stands, using cookies, especially for advertising purposes, is considered to harm privacy. As a result, any storing of information by third parties is prohibited, while users should be provided with sufficient and clear options on which categories or topics are giving their consent. However, the extension of the regulation to all types of cookies has created criticism that users will not be able anymore to enjoy the perks of a personalized website experience as it is happening so far.

While most of the online communication service providers are feeling threatened by the existing framework of the ePrivacy regulation and while the impact of this regulation is still unknown to the end-consumer from a practical aspect, the offline traditional communications providers are treating the ePrivacy regulation as the beginning of the creation of a level playing field between them and OTT service providers.

The exact wording and the specific provisions of the ePrivacy Regulation are not finalised as in the complex EU law-making the Council needs first to adopt its approach and then negotiate with the EP for the final version of the Regulation. While the goal and the aim of the EU is to protect consumers in the online world, it is still unknown how EU citizens and businesses will adapt to the adopted provisions in such a highly digitised era with strong trends towards online communications, AI and IoTs.