On 31 May EDRi, Access Now, and Privacy International met attachés to the EU Council (representatives of EU Member States) who work on the ePrivacy Regulation proposal. Following up to our recent two letters on ePrivacy (here and here), the Dutch Permanent Representation in Brussels and the Bulgarian EU Council Presidency kindly hosted us to discuss the ePrivacy proposal.
During our meeting with the attachés we expressed, first of all, the need to adopt a strong ePrivacy Regulation in 2018. In an interconnected world, where our online behaviour and our private communications can be tracked by a duopoly of advertisers and a murky cloud of data brokers, the EU needs to take a step forward and ensure a high level of protection for the confidentiality of our electronic communications.
Second we also highlighted the need to clarify that privacy and confidentiality should cover our devices and information about them (location, type of software, etc.). We also highlighted the need to protect communications metadata and for clarification regarding the use of offline tracking for “measuring” purposes.
In addition to this, we stressed the threat to confidentiality that tracking walls represent, and how they are the opposite of informed consent. The current situation, where users are required to agree to an unlimited “take it or leave it” amount of unnecessary processing of their personal data, needs to be corrected by the ePrivacy Regulation.
Finally, we called for a strong provision requiring privacy by design and by default in software and hardware used for electronic communications. In order for our devices (IoT objects, laptops, smartphones…) to operate securely, the settings of all the components of terminal equipment placed on the market should be configured by design and by default to prevent third parties from storing information, processing information already stored in the terminal equipment and preventing the use by third parties of the equipment’s processing capabilities.
The EU Council needs to finalise negotiations during the Austrian Presidency (starting July 2018) while taking care of the details that need to be improved. Given that the GDPR has entered into application in the European Union, the ePrivacy Regulation needs a final commitment from EU policy makers in order to ensure legal certainty, enhanced privacy protections and a ban on pervasive tracking of individuals.
Document presented to TELE Council attachés as our key points during the meeting with them on 31.05.2018
Mythbusting – Killing the lobby myths that are polluting the preparation of the e-Privacy Regulation
EU Member States fight to retain data retention in place despite CJEU rulings (02.05.2018)
ePrivacy: Civil society letter calls to ensure privacy and reject data retention (24.04.2018)
Cambridge Analytica access to Facebook messages a privacy violation (18.04.2018)
(Contribution by Diego Naranjo, EDRi Senior Policy Adviser)