29 January, 2018

Legal Memo on Metadata and ePrivacy

This legal memo examines the approach taken in the Proposal for an e-Privacy Regulation in relation to the lawful processing of metadata.

The Proposal would currently only permit processing of non-anonymous metadata for a limited number of processing activities related to the proper functioning of electronic communications services (including transmission of the communication, billing, provision of mandatory quality of service, maintenance or re-establishment of network security), or where consent has been given by the end-user concerned. 

This approach, which strongly emphasizes the importance of consent, appears to be driven by the consideration that metadata in electronic communications should be treated as a special category of personal data which is inherently sensitive. The European Court of Justice of the European Union (CJEU)’s Tele2 ruling has been referenced as a key driver behind this approach. As will be argued below, this assumption however is flawed for several reasons.