EU Proposes Stronger E-Privacy Rules

    Feb 08, 2017

    The European Commission (EC) released a proposed draft regulation meant to strengthen privacy in electronic communications.

    The measures aim to update current rules, extend their reach to all e-communication providers, and create new possibilities to process communication data and reinforce trust and security in the Digital Single Market. The proposal also aligns the e-communications rules with the new EU General Data Protection Regulation (GDPR).

    The Proposal on Privacy and Electronic Communications also would ensure that when personal data is handled by EU institutions and bodies, privacy is protected in the same way it is in member states under the GDPR.

    The proposed rules will address the following:

    • New players: 92% of Europeans say it is important that their e-mails and online messages remain confidential. However, the current e-privacy directive applies only to traditional telecoms operators. New privacy rules also will cover new providers of electronic communications services, including WhatsApp, Facebook Messenger, Skype, Gmail, iMessage, and Viber.
    • Stronger rules: By updating the current directive, all people and businesses in the EU will enjoy the same level of protection for their electronic communications. Businesses will also benefit from one single set of rules across the EU.
    • Communications content and metadata: Privacy will be guaranteed for both content and metadata culled from electronic communications (e.g., time of call and location). Under the proposed rules, both will need to be anonymized or deleted if users have not provided consent unless the data is required for billing purposes.
    • New business opportunities: Once consent is given for communications data, both content and/or metadata, to be processed, traditional telecoms operators will have more opportunities to use data and provide additional services. For example, they could produce heat maps indicating the presence of individuals to help public authorities and transport companies when developing new infrastructure projects.
    • Simpler rules for cookies: The so-called “cookie provision,” which has resulted in an overload of consent requests for Internet users, will be streamlined. New rules will allow users to be more in control of their settings, providing an easy way to accept or refuse the tracking of cookies and other identifiers. The proposal does not require consent for non-privacy-intrusive cookies that improve users’ Internet experience, such as a shopping cart history and cookies that count the number of website visitors.
    • Spam protection: The proposed rules ban unsolicited electronic communication by any means if users have not given consent. Member states can opt for a solution that gives consumers the right to object to receiving voice-to-voice marketing calls, for example, by registering their number on a do-not-call list. Marketing callers will need to display their phone number or use a special prefix that indicates a marketing call.
    • More effective enforcement: The national data protection authorities are responsible for enforcing the confidentiality rules in the proposed regulation.

    The EC has called on the European Parliament and Council to swiftly pass the new rules before May 25, 2018, when the GDPR goes into effect.


    The online Global Policy Brief is intended to help you stay current on international news and events. Further information about the issue is accessed by clicking on the link provided at the end of each summary.

    Want to sign up to receive an email version of the Global Policy Brief? It's free! Just tell us a little about yourself and you'll receive a monthly dose of the latest in legislation, regulation, and more.

    © 2017, ARMA International