Blogs | Privacy and data protection | Data protection standards | Privacy and confidentiality | Surveillance and data retention

Battle lines drawn between citizens and internet giants in EU e-Privacy Regulation

By EDRi · October 3, 2017

On 2 October, the European Parliament Committee on Legal Affairs (JURI) and the Industry Research and Energy Committee (ITRE) voted on the e-Privacy Regulation, the Committee on Internal Market and Consumer Protection (IMCO) voted on 28 September. These votes will feed into the final decision to be taken by the Committee on Civil Liberties, Justice and Home Affairs (LIBE) next week.

The purpose of the e-Privacy Regulation is to protect the privacy and integrity of electronic communication. It covers both private and business communications.

The Parliament needs to stand firm and vote for measures to strengthen privacy and security online,

said Joe McNamee, Executive Director of European Digital Rights.

Caving in to lobbying from – or on behalf of – online data monopolies would undermine the rights of European citizens and businesses.

The Committee on Legal Affairs (JURI) has taken big steps to protect European citizens’ rights to privacy. It adopted amendments that ensure communications (such as emails) needs to be protected whether it is in transit or at rest, which will prevent your email service provider from reading your emails both when they are being sent and also when they are stored in the “cloud”. JURI also included a provision to protect privacy by design and by default, meaning that when you install a software, its setting will automatically prevent tracking and collection of data.

The Committee on Industry Research and Energy (ITRE) proposed a mix of positive and negative changes to the text. Among many issues, ITRE strongly defended effective encryption. On the downside, it supported the Commission proposal not to enforce security and privacy by design and proposed allowing further processing of confidential communications data without users’ “consent”. The first measure, de facto opposes the concept of privacy by design and by default – making the device as privacy friendly as possible without requiring any changes from the user. This supports the current industry practice of hiding privacy options in misleading language that is almost impossible to understand. The second measure could become a loophole to allow private communications to be re-used for any purposes that a company considers “compatible” with the initial collection of the data.

By far the most hostile to the interests of citizens and of security of business communications is the Committee on Internal Market and Consumer Protection (IMCO). It voted on the e-Privacy Regulation on 29 September. In line with an avalanche of broadly pro-Google lobbying, IMCO weakened the Commission’s proposal in its Opinion by reducing the scope of the regulation and its safeguards for citizens. With IMCO’s suggestions, the e-Privacy Regulation would be considerably weakened.

The e-Privacy Regulation has been under review since 2016, after the adoption of the new General Data Protection Regulation.

FAQ e-Privacy

e-Privacy revision: Document pool (10.01.2017)

Quick guide on the proposal of an e-Privacy Regulation (09.03.2017)