Are we on the right track for a strong e-Privacy Regulation?

By EDRi · June 28, 2017

European legislation protecting your personal data (the General Data Protection Regulation and Law Enforcement Directive on Data Protection) was updated in 2016, but the battle to keep your personal data safe is not over yet. The European Union is revising its legislation on data protection, privacy and confidentiality of communications in the digital environment: the e-Privacy Directive. This piece of legislation contains specific rules related to your freedoms online.

In today’s interconnected societies, the way we frame technology defines if we are able to ensure the privacy of our most intimate conversations and thoughts. If the policy-makers fail to achieve this and end up with a vague text full of loopholes because of political “compromises”, it will have a far-reaching impact on our online freedoms for the decades to come.

----------------------------------------------------------------- Support our work - make a recurrent donation! -----------------------------------------------------------------

In January 2017, the European Commission launched the reform of the e-Privacy legislation by proposing a harmonised framework. The text needs improving. Tracking walls and offline tracking should be banned, and encryption should be ensured, among other issues. Despite the flaws of the proposal, there are also positive aspects to build on.

On 9 June 2017, the lead committee of the European Parliament in charge of the dossier for the e-Privacy reform, the Committee on Civil Liberties (LIBE), published its draft Report on the ePrivacy Regulation including amendments to the Commission’s original proposal. Marju Lauristin, the Parliamentarian in charge of the file for LIBE has shown great determination to improve the protection of citizens’ privacy by proposing numerous positive changes to the Commission’s text. The changes proposed by LIBE will help to ensure legal certainty by limiting the ways data can be used (strict grounds for processing), broadening the type of trackers that will be regulated (not only “cookies”), and reinforcing users’ rights by promoting end-to-end encryption without backdoors. Ms Lauristin also proposed introducing a household exception similar to the one in the General Data Protection Regulation (GDPR), in order make certain that accessibility tools are not unintentionally restricted by the legislation. In addition to this, the draft Report broadens the scope to include the protection of employees from surveillance by their employers, and adds the possibility of collective redress for organisations. However, the text could have gone one step further, for example, the absence of a stronger text opposing offline tracking in the proposed amendments is regrettable. It is difficult to imagine how consent in those situations (ones’ movements being tracked through Bluetooth or WiFi, as one wanders around a town or a shopping centre) can be informed, how data could be meaningfully anonymised and how opt-out would work without excluding users of certain services.

The LIBE Committee put forward a stronger text than the original proposal. It is, however, to be seen if strong opponents of the e-Privacy Regulation, such as the Rapporteur of the Committee on Legal Affairs (JURI) Axel Voss, will succeed to undermine the key elements of the text. Only few Member States seem to have a strong position on this dossier, which makes it even harder to guess what the final result of this reform will look like. Member States have been heavily lobbied by the most regressive parts of the online industry for years. This resulted in fourteen Member States calling for “the right balance between digital products and services and the fundamental rights of data subjects” – as ridiculous as it seems to demand a balance between “products” and fundamental rights.

A lot of work still needs to be done to keep the best parts of the proposals, and to avoid the amount of disharmony and “flexibility” we ended up with in the GDPR. The way we will communicate with others, and the way our interconnected devices will work depends greatly on the outcome of this new Regulation. Will the EU set up the standards of protection high enough? The next months will give us an answer to this question.

Draft Report on the e-Privacy Regulation of the Committee on Civil Liberties, Justice and Home Affairs (LIBE) (09.06.2017)

e-Privacy revision: Document pool

Your privacy, security and freedom online are in danger

EDRi’s proposal for amendments to proposal for the e-Privacy Regulation

(Contribution by Diego Naranjo, EDRi)