After the EU‘s General Data Protection Regulation recently went into effect, new challenges await for companies with the additional ePrivacy regulation. What do these new guidelines look like, which companies will be affected, and when will the new regulation be applied?
The planned ePrivacy Regulation (ePVO) is intended to protect privacy in electronic communications. Put simply, it is about who can track the digital traces of users in e-communications, whether they are chatting via text message, on the phone, shopping or engaging in other activities online.
The ePrivacy Regulation will replace the existing ePrivacy Directive of 2002. As a special regulation, the ePVO is intended to specify and supplement the General Data Protection Regulation (GDPR) - it actually was intended to enter into force at the same time. But the project has been dragging on and the two regulations could even get into each other's way in terms of content.
What Is ePrivacy All About?
ePrivacy Regulation is mainly focused on advertising by electronic means of communication – whether by telephone, email or messenger. The use of cookies is under particular scrutiny here: tracking cookies make it possible to follow users as they move and surf the Internet.
The current draft of the ePrivacy Regulation provides for a general ban on tracking cookies or stricter regulations regarding the need to obtain consent.
Who Is Impacted?
Although ePrivacy regulation will affect significantly fewer companies than the GDPR, it will impact all those who operate telecommunication services or use commercial media services, tracking cookies and customized advertising. Companies in the online advertising and media industry will therefore feel the effects of the new regulation the most. The ban or restriction of cookies fundamentally shakes up the business models of many of these companies. And as with the GDPR, the new ePrivacy regulation will call for considerably higher fines for non-compliance.
Criticism from the Digital Economy
It is becoming clear that ePrivacy regulation will contain many parallel rules on data protection which are different from the GDPR and which are only to be applied to certain digital services. In its English-language Position Paper on ePrivacy regulation, Germany’s digital association Bitkom calls for amendments to the proposed text. Otherwise, the EU could not become a leading player in AI and fully exploit its economic potential by digitizing its industries. The main focus is on areas such as autonomous driving, machine-to-machine communication (M2M) and the growth of Internet of Things (IoT) and industry 4.0 platforms.
Go-Date Unclear
At the beginning of 2017, an EU Commission presented the first draft of the ePVO. In October of the same year, the EU Parliament voted in favor of it. But since then, though the European Council has discussed it intensively, an agreement has still not been reached and it remains in deadlock.
The European Data Protection Committee (EDSA) has called for a rapid adoption of the regulation. In the meantime, however, experts do not expect the ePVO to enter into force before 2020 and not to be applicable until 2022 at the earliest.