In 2017, the United States National Telecommunications and Information Administration (NTIA), which is part of the Department of Commerce, warned of the “chill on discourse and economic activity” caused by privacy and security fears. With the recent revelations about Facebook and Cambridge Analytica, and news about even more extensive abuses likely to appear, the damage caused by weak legislation continues to grow.
While the US is unable to pass privacy legislation that solves this problem, the European Union’s (EU’s) world-leading General Data Protection Regulation (GDPR) enters into force on 25 May 2018. The one piece of the jigsaw that remains to be put in place to is the ePrivacy Regulation. It complements the GDPR by providing clear and specific rules on issues such as tracking of individuals online, tracking of individuals offline (for example by recording the wifi or bluetooth networks to which your phone automatically connects) and the use of communications metadata (such as location data).
The European Commission launched its ePrivacy proposal in January 2017. The legislation needs to be approved by the European Parliament and the EU Member States in the Council of the European Union. The response was a barrage of negative lobbying. Despite this, the European Parliament adopted a strong position in defence of electronic privacy rights in October 2017. However, lobbying by the Google/Facebook online tracking duopoly in national capitals has proven more successful. Today, 435 days since the proposal was launched, the Council appears no closer to protecting European citizens and businesses with clear rules on privacy of communications.
On 7 March 2018, the Bulgarian presidency of the Council published a new discussion paper on the ePrivacy Regulation. This file should be now among the top priorities of the Bulgarian presidency ahead of the implementation of the GDPR in May 2018. However, there is little real progress to report For example and quite amazingly, the document indicates that “some” Member States are still arguing, contradicting rulings of the Court of Justice of the EU, to allow communications companies to use individuals’ metadata without consent.
Once the Council finally prioritises the ePrivacy Regulation and agrees on its “General Approach”, negotiations can finally start with the European Parliament. This would allow a final agreement to be reached, so that European businesses and companies can get the full benefit of a comprehensive privacy and confidentiality regime fit for the 21st century.
Bulgarian discussion paper (07.03.2018) https://www.parlament.gv.at/PAKT/EU/XXVI/EU/01/38/EU_13835/imfname_10792028.pdf
ePrivacy proposal undermined by EU Member States (10.01.2018)
Quick guide on the proposal of an e-Privacy Regulation (09.03.2017)
(Contribution by Joe McNamee, EDRi and Margaux Rundstadler, EDRi intern)