On 10 January 2017, the European Commission adopted a proposal for a Regulation1 to modernise rules on privacy protection in electronic communications. It will repeal Directive 2002/58/EC on privacy and electronic communication2.
With the adoption of this proposal, the European Commission intends to accomplish the following:
- render confidential all electronic communications.
- guarantee confidentiality of users’ online behaviour and devices: In principle, it would be impossible to either access information stored on the computer of a user or to store data to track their online behaviour unless the user explicitly agreed or one of the exceptions defined in the proposal applied. For example, the storage of internet cookies without the consent of the user would be prohibited unless they would not impact privacy (e.g. web-audience measuring cookies).
- impose consent to process electronic communication data: Consent will apply to all electronic communications data, meaning content of the communication as well as the metadata of the communication. Metadata are data used to trace and identify both the source and destination of a communication (date, time, duration and the type of communication).
- impose prior consent for direct marketing communications: The only exception would be when data are collected in the context of sales of products and/or services. In this case, the customer should always be given the opportunity to object to the processing of data.
Because it complements the General Data Protection Regulation (GDPR), this proposal of Regulation and the GDPR should be applicable at the same time: 25 May 2018.
1. Proposal for a Regulation of The European Parliament and of The Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) – 10 January 2017 - COM(2017) 10 final
2. Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ L 201 , 31/07/2002, p. 37-47