- Working groups
Global law firm DLA Piper takes a deeper look into to the arguments supporting the long term goal of repealing the ePrivacy Directive to the benefit of consumers. #ThinkDigital
Regulation 2016/6791 - formally approved in April 2016 and set to apply from May 2018 - needs to be respected by all players offering services to European citizens, regardless of the sector they are active in. It aims to achieve a full and horizontal harmonisation in the area of privacy, based on the principle of technology-neutrality and adapted to the needs of our digital society.
While ETNO, the association representing Europe’s main telecom operators fully supports this idea, it is convinced that such harmonised privacy will not be achieved as long as the Directive 2002/58/EC on privacy and electronic communications (the "ePrivacy Directive") continues to exist alongside the GDPR. The ePrivacy Directive sets out sector-specific rules with regard to the processing of, amongst others, location data, traffic data and data breaches in the telecom sector,
The co-existence of the two legal instruments will likely lead to legal uncertainty and confusion regarding the scope of the ePrivacy Directive and the competent regulatory bodies. Telecom providers are subject, not only to the GDPR, but also to the sector-specific rules of the ePrivacy Directive, while functionally equivalent services provided by "over-the-top" players (such as Whatsapp and Skype) are only subject to the GDPR. This creates legal uncertainty for consumers and telecom providers, an unlevel playing field between market players, and also leaves space for confusion for consumers who would be confronted with inconsistent privacy standards and experiences.
Taking into account the above and against the background of the upcoming revision of the ePrivacy Directive, ETNO has requested that we further investigate arguments supporting the long term goal of repealing the ePrivacy Directive in a new study with the aim of (i) building consumer trust by reducing regulatory complexity, (ii) restoring the level playing field between all market players and (iii) ensuring consistency within the regulatory framework applicable to telecom providers and other entities processing personal data. This study further builds on the results of a previous feasibility study conducted for ETNO, a copy of which can be downloaded here.
The co-existence of the GDPR, which creates a horizontal data protection regime, and the ePrivacy Directive, which regulates sector-specific data protection issues, leads to in inconsistencies and unjustified differences between sectors and technologies. Indeed, most dispositions in the ePrivacy Directive overlap with the newer GDPR.
The following provisions overlap with the GDPR and should therefore be repealed:
The confidentiality of communication principle is slightly more delicate to deal with in this context, as it remains a cornerstone of privacy and data protection. Although it is also protected by national constitutions and international instruments, deleting this principle raises questions, and requires further reflection. If the legislator considers it is still required, given that the confidentially of communications principle concerns all sectors, and not only telecommunications services, it should be technology-neutral and would benefit from being transferred to a more horizontal legislation covering all services which allow interpersonal communications.
Finally, there are provisions in the ePrivacy Directive which are telecom-specific, such as itemised billing, control over call line identification, automatic call forwarding and subscribers' directories. Given today's digital society and the current state of the market, these provisions have become outdated and are no longer relevant. However, should the European legislator still deem them relevant, they should be transferred to a more horizontal legislation covering all services that allow interpersonal communication.
The arguments set out above make it clear that the ePrivacy Directive is outdated and no longer needed. Most of its provisions, if not all, should therefore be repealed. Should the confidentiality of communications principle and/or the non-privacy related provisions be deemed relevant by the European legislator, they should be updated and moved to a more horizontal legislation covering all services that allow interpersonal communications.
Repealing the ePrivacy Directive would contribute to harmonising privacy rules across Europe. All data protection rules would be contained in one instrument, notably the GDPR. This instrument applies to the processing of personal data, irrespective of the applied technology and the sector in which the data controller is active. Retaining the GDPR only, would restore the level playing field amongst all market players as they would all be subject to the same rules. It would also reduce the regulatory complexity, improve consumers’ understanding of the way in which their privacy is protected and facilitate a consistent and uniform application of the rules throughout the EU.
For the sake of completeness it should be added that if the European legislator considers that a separate ePrivacy instrument should be maintained for certain topics despite the above arguments against it, then this instrument should respect a number of minimum guidelines that are further detailed in the study.
Please liaise with ETNO or the authors of this blog post for more information on the study. A copy of the full study can be found here.
1 Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("General Data Protection Regulation" or "GDPR")
By Patrick Van Eecke and Raf Schoefs for ETNO #ThinkDigital, 01.09.2016
Prof. Dr. Patrick Van Eecke is a partner at the global law firm DLA Piper UK LLP (Brussels office) and professor of European Information Technology and Communications Law at the law faculty of the University of Antwerp. Raf Schoefs is a lawyer at DLA Piper UK LLP (Brussels office). E-mail addresses: firstname.lastname@example.org and email@example.com