ePrivacy regulation – What does it include and what does it mean?

The main objective of the ePrivacy regulation is to increase trust and security in digital channels, aiming to regulate the use of electronic communications services in European Union countries and aiming to replace the directive on privacy and electronic communications (Directive 2002 /58/EC).

The ePrivacy Regulation is mainly aimed at companies operating in the digital market and specifies additional requirements that they must comply with in relation to the processing of personal data.

In this article, I intend to highlight and present some of the most important points for professionals in the technological area – and other areas – in order to foster a better understanding of the intentions and repercussions of this regulation.

Main goals:

• Personal information on PCs, smartphones or tablets only accessible with permission;
• Guarantee of confidentiality of emails and online messages;
• Anti-spam rules may exclude online advertising, as in the current framework of the online privacy directive, unsolicited commercial communications by electronic means (“spam”) are prohibited unless the recipient has given his consent;
• Cookies and online monitoring in digital marketing is only possible with authorization and with clearer rules and options for consumers. However, the ePrivacy regulation provides for numerous exemptions, including familiar exemptions (cookies required for communication or technical reasons) as well as exemptions such as (certain forms of) analysis, security (including fraud prevention), software updates and performance of employees’ tasks, the quality of consent must, in general, correspond to the criteria provided for in the General Regulation on Data Protection ( RGPD);
• Application of the Regulation with stronger authority by the Supervisory Authorities;
• Single legislation in the European Market, applicable to all Member States;
• Commercial calls must always be identifiable or have a pre-defined special prefix;
• Telecommunications services with new opportunities to process metadata and offer additional services, the common principle remains the confidentiality of data relating to electronic communications, with specific exceptions, for example, metadata can now be processed for network management, optimization network, or for statistical purposes.

What does it mean for organizations?

Although the text of the ePrivacy regulation is not definitive, it is important that organizations immediately consider it when forecasting any product or project in the long term, namely those involved in IoT projects, must consider the confidentiality of electronic communications, to avoid having to stop or restructure the designs within a year or two.

Generally speaking, it is important for organizations to identify areas of activity that will be impacted by the ePrivacy regulation, so that when the final text arrives, they can more promptly begin its implementation and compliance.

What will happen next?

Originally, the ePrivacy Regulation was intended to apply from 25 May 2018 together with the RGPD, however EU Member States have not yet managed to agree on the outline legislation.

There is still uncertainty regarding the timing of the final implementation of the ePrivacy regulation. As the Finnish Presidency did not reach final approval before the end of its term, until December 2019. However, it appears that the discussion has shifted from technical experts to political experts, and we will have to see developments in the upcoming months.

In the opinion of many experts, the ePrivacy Regulation is not expected to enter into force before 2023. A 24-month transitional period means that any new Regulation will not be effective until 2025.

Even if the implementation takes a few years still, this will undoubtedly be the way to standardize and regulate electronic communications throughout the European space, in close collaboration with the General Data Protection Regulation – GDPR, in this logical relationship between the protection of personal data and innovation technology in the European Union.