Reform of rules on the protection of personal data in electronic communications has now been launched at the European Parliament.
The rapporteur, Marju Lauristin (S&D, Estonia), is expected to present her draft report during the civil liberties committee (LIBE) on Wednesday 21 June in view of the text being adopted “ideally in October”, she told EUROPE, in an exclusive interview during the Digital Assembly conference that took place in Valetta, Malta, on Thursday 15 and Friday 16 June.
Back in January, the European Commission proposed toughening up respect for rules on private life in electronic communications (see EUROPE11700). In practice, the draft regulation is based on the principle that electronic communications should be entirely confidential whilst allowing service providers more use of customers’ personal data if they have given their prior consent. Another innovation consists of the proposal strengthening the obligations of over the top (OTT) operators regarding private life issues.
Lauristin suggests three main changes
Lauristin outlined the ideas underpinning her draft report: “the Commission proposal is quite good so I am not changing the principles of it. I am, nonetheless, trying to do my best to put forward a more detailed approach when it is not clear and introduce greater flexibility, particularly with regard to the question on cookies or browsers when it is necessary”.
She summed up the three main amendments she is proposing: “my draft report applies the general principle of a default ‘confidentiality by design’ for cookies (Ed: tools used to track and follow consumer behaviour and choices). This is already contained in the Commission proposal but not in a very clear way. My proposal introduces a specific list of situations in which providers have a reason to use this kind of tracking device.”. "I consider that users must always have the possibility of setting their devices according to their needs and changing these settings over time and being informed of any changes. Again, this was not quite clear in the Commission proposal”, she added.
In Lauristin's view, the third change will provide greater flexibility to providers and businesses. “In certain situations, providers need information, for example, to warn against harmful programmes. My report also includes audience measures and click density maps on an aggregated and anonymous basis… not everything is being banned categorically as such; this would create panic in the industry. We are, however, placing consent and consumer information at the centre of the process”, she said.
Appropriateness of specific rules on e-environment
Asked for a response regarding the opposition demonstrated by the industry to this kind of reform (see EUROPE 11701), Lauristina stated that it was not true to say that “this new regulation is pointless insofar as the EU already has a general regulation on data protection” (Regulation 2016/679, General Data Protection Regulation - GDPR).
In Lauristin's opinion, “the GDPR covers multiple situations relating to personal data. This draft regulation goes further because it covers the issue of communications confidentiality, private life and to personal data”.
With the Council of the EU having already made known its opposition to the timetable included in the proposal on the table (see EUROPE 11805), the Estonian social democrat acknowledges that the deadline for applying the text is problematic but is nonetheless calling for a parallel approach towards the general and specific regulations. “The Commission would like the regulation to be applied at the same time as the GDPR on 25 May 2018, which is extremely tight. On the other hand, it would not be a good sign for businesses and the public to know that the GDPR will be applied but that the new rules will still create a commotion. I understand that certain technologies have to be adapted and this requires time. Nonetheless, this should be included in an article on implementation: we have to begin at the same time for the two regulations and announce changes for later, which are already known, in certain domains”, she said.
EUROPE also asked Lauristin if she expected to receive support from her colleagues at the European Parliament. She replied that she was hoping for a vote on her reports in the LIBE committee this October but that “I have to say that the team working on the issue is for the most part the same as the team working on the GDPR. One of our common concerns is to make a link between the GDPR and the new regulation and to ensure that there are no shortcomings or duplication… I am happy to say that this is not a ‘problem’ linked to the political parties because the digital environment is a priority for everyone. It is perhaps more geographical and generational but in this team, I have not detected this kind of problem”. (Original version in French by Sophie Petitjean)