Highlights | Privacy and data protection | Privacy and confidentiality

EU Council moves the ePrivacy reform forward – with major flaws in its position

By EDRi · November 22, 2019

Today, on 22 November 2019, the Permanent Representatives Committee of the Council of the European Union (COREPER) has finally agreed on the Council’s position on the ePrivacy Regulation.

“It is high time that this piece of legislation vital to protecting citizens’ fundamental rights finally moves forward, nearly three years after Commission’s initial proposal,” said Diego Naranjo, Head of Policy at European Digital Rights (EDRi). “However, the Council’s adopted position fails to protect confidentiality of communications, which is the main goal of the legislation. The upcoming trilogue negotitations need to ensure that the major flaws of the text will be ironed out in the final ePrivacy Regulation. We hope that the Commission and the European Parliament will stand on the side of citizens and ensure a prompt implementation of strong privacy protections online.”

“We urge the EU institutions to refocus on the objective of the reform during trilogue and to deliver a Regulation that strengthens privacy rights, not a surveillance toolkit for states,” said Estelle Massé Senior Policy Analyst at EDRi member’s Access Now.

In January 2017, the European Commission launched its proposal for a new ePrivacy Regulation, aiming at complementing the General Data Protection Regulation (GDPR), to protect the right to privacy and to the confidentiality of communications. An update to the outdated 2002 ePrivacy Directive is sorely needed – in today’s world where technology is intertwined in our everyday life, a strong regulation is crucial to protect us against the negative impacts of “surveillance capitalism“, to safeguard the functioning of our democracies, and to put people as the core element of the internet. The European Parliament took a strong stance towards the proposal when it adopted its position in October 2017. For over two years, the Council halted the proposal from advancing, presenting suggestions that lowered the fundamental rights protections that were proposed by the Commission and strengthened by the Parliament.

Today, the Council has voted to finally move forward – with a position that leaves the door open for practices endangering citizens’ right such as allowing providers of electronic communication services to use your private communications for secondary commercial purposes without consent, and allowing companies to read what you read online, watch what you watch, and profile you according to the music you listen to. The next step are the trilogue negotiations between the Council, the European Parliament, and the European Commission to find an agreement on the final version of the text. To meet the aims set for the ePrivacy Regulation, the text should ensure privacy by design and by default, protect communications in transit and when stored, ban tracking walls, prevent backdoors to scan private communications without a court order and avoid secondary processing of communications data without consent.

Read more:

e-Privacy revision: Document pool
https://edri.org/eprivacy-directive-document-pool/

EU Council considers undermining ePrivacy (25.07.2018)
https://edri.org/eu-council-considers-undermining-eprivacy/

Five reasons to be concerned about the Council ePrivacy draft (26.09.2018)
https://edri.org/five-reasons-to-be-concerned-about-the-council-eprivacy-draft/

Open letter to EU Member States: Deliver ePrivacy now! (10.10.2019)
https://edri.org/open-letter-to-eu-member-states-deliver-eprivacy-now/

The most recent European Council ePrivacy text (15.11.2019)
https://www.politico.eu/wp-content/uploads/2019/11/file.pdf