European Union: Commission Proposes ePrivacy Regulation

(Jan. 30, 2017) On January 10, 2017, the European Commission published a proposal for a regulation on privacy and electronic communications (ePrivacy Regulation) with the aim of aligning current rules with technical developments and with the European Union General Data Protection Regulation (GDPR). The new regulation would particularize and complement the GDPR, meaning that all matters concerning the processing of personal data not specifically addressed in the ePrivacy Regulation would be covered by the GDPR. (Proposal for a Regulation of the European Parliament and of the Council Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications and Repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) (ePrivacy Regulation), COM(2017) 10 final (Jan. 10, 2017), EUROPA; Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation), 2016 O.J. (L 119) 1, available at EUR-LEX.)

The processing of electronic communications data by EU institutions, bodies, offices, and agencies will be addressed in a separate regulation. (ePrivacy Regulation, Explanatory Memorandum, ¶ 1.3.) The ePrivacy Regulation would apply from May 25, 2018. (ePrivacy Regulation art. 29(2).)

Overview

Current EU rules on ePrivacy only cover traditional telecom providers and the content of electronic communications. (Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 Concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector (Directive on Privacy and Electronic Communications), 2002 O.J. (L 201) 37, arts. 2, 3, & 5, available at EUR-LEX.) The proposed regulation would extend coverage to Internet-based voice and Internet-messaging services such as WhatsApp, Facebook Messenger, and Skype. (ePrivacy Regulation, art. 18.) In addition, the confidentiality of both content and metadata derived from electronic communications would be protected. (Id. art. 4, no. 3a, art. 5.)

The proposal aims to simplify the rules on consent for the use of tracking cookies and other identifiers. It suggests that browser settings or other applications should offer an easy way for an end-user to allow or refuse cookies. No consent would be needed for non-privacy-intrusive cookies such as those used to remember the content of an online shopping cart or to measure web traffic to a website. (Id. arts. 8 & 10.)

Furthermore, the ePrivacy Regulation would ban unsolicited spam marketing messages and calls. (Id. art. 16.) However, the use of email contact details within the context of an existing customer relationship for the offering of similar products or services would be allowed. The email from the marketing company would be required to contain clear information on how to object to such a use. (Id. art. 16(2)2.) The ePrivacy Regulation would also require marketing companies to either display their phone numbers or use a special code or prefix that indicates a marketing call. (Id. art. 16(3).) In addition, it would require that end-users be offered, free of charge, possible means to limit the reception of unwanted calls and to block calls from specific numbers or from anonymous sources. (Id. art. 14.)

In order to ensure uniform application in all Member States, the proposal provides that the regulation will be enforced by the independent national supervisory authorities already competent to enforce the GDPR. (Id. consideration 38 & art. 18.)

Next Procedural Steps 

Ordinary legislative acts are proposed by the European Commission and adopted by the European Parliament and the Council in a “co-decision procedure.” (Consolidated Version of the Treaty on the Functioning of the European Union (TFEU), 2012 O.J. (C 326) 47, arts. 289 & 294, available at EUR-LEX.) Once the final text of the regulation is adopted by the European Parliament and the Council, it will be directly applicable in all EU Member States. No domestic implementing legislation is needed. (TFEU, art. 288 ¶ 2.)

Rights & Access

Publications of the Library of Congress are works of the United States Government as defined in the United States Code 17 U.S.C. §105 and therefore are not subject to copyright and are free to use and reuse.  The Library of Congress has no objection to the international use and reuse of Library U.S. Government works on loc.gov. These works are also available for worldwide use and reuse under CC0 1.0 Universal. 

Credit Line: Law Library of Congress

Cite This Item

Citations are generated automatically from bibliographic data as a convenience, and may not be complete or accurate.

Chicago citation style:

Gesley, Jenny. European Union: Commission Proposes ePrivacy Regulation. 2017. Web Page. https://www.loc.gov/item/global-legal-monitor/2017-01-30/european-union-commission-proposes-eprivacy-regulation/.