Background to the EU ePrivacy Regulation: GDPR and protection of personal data

The planned ePrivacy regulation, also known as the “Regulation concerning the respect for private life and the protection of personal data in electronic communications” is an important piece of European Union legislation for EU countries. It strengthens data protection and safeguard the privacy of users in the digital world. It complements the General Data Protection Regulation (GDPR) and sets down specific and GDPR-compliant rules for the processing of personal data in electronic communications.

The main objective of the new ePrivacy regulation is to ensure the privacy protection of users’ when using technology in form of electronic communication services. It covers various forms of communication such as:

• emails
• SMS
• telephone calls
• VoIP

Other similar services are covered as well. The regulation provides strict rules for businesses and specifically for the collection, use, storage and disclosure of personal data and information by communications service providers. To guarantee a certain level of privacy protection, it ensures that users’ consent is required for the processing of their data and that appropriate security measures are taken to ensure the confidentiality of communications.

The new EU regulation is a response to increasing digitization and the growing need of data protection. It helps to increase trust in companies and their digital services. This way it improves the protection of personal data. Companies providing electronic communications services must comply with the provisions of the regulation to avoid legal consequences and financial penalties.

ePrivacy: current status

The ePrivacy Regulation has gone through a lengthy and complex legislative process. It was originally set to enter into force at the same time as the General Data Protection Regulation (DGPR) on 25 May 2018. However, the EU Member States have so far not been able to agree on a draft for the new regulation. This has obviously resulted in delays.

Since the publication of the first draft of the ePrivacy Regulation by the EU Commission in January 2017, various amendments and discussions have taken place. The EU Parliament adopted an amended draft, and drafts from various EU Council presidencies followed. Some proposals have been made to work towards a compromise, but no binding draft text has been adopted yet.

Three-way negotiations are currently underway between the EU Commission, the Parliament and the Council of the European Union to reach agreement on the final text of the regulation. The Portuguese Council Presidency has played an important role in this. It tried to convince the Member States to press ahead. However, due to some outstanding sticking points, the entry into force of the e-Privacy Regulation cannot be expected before the end of 2023.

Despite the delays, it can be helpful for companies and organisations to start addressing the requirements of the ePrivacy Regulation now. Experience with the General Data Protection Regulation (GDPR) has shown that early preparation for new data protection laws is crucial.