The Council of the EU will not reach a general approach to the draft regulation on e-privacy by the end of the year. The Estonian Presidency is, however, preparing to present a progress report at the ministerial meeting on 4 December.
The draft regulation aims to boost confidentiality in electronic communications while allowing service providers to use their clients’ personal data as long as the latter have given approval beforehand (see EUROPE 11700).
Controversial questions to be settled
The European Parliament has been ready to enter interinstitutional talks since 19 October (see EUROPE 11887), but the Council is far from a common position on the controversial issues. The progress report to be unveiled to ministers on 4 December points out, for example, that work remains to be done on the confidentiality parameters for software (Article 10). It explains that the delegations have raised a number of questions that need to be addressed before the text can be rewritten, including the impact on the role of navigators in an internet ecosystem, the value-added from the viewpoint of users, and the question of whether, in the light of the solutions already provided by the market, regulations are needed on this.
The Presidency notes that further talks will be needed on publicly accessible directories in the light of the recent proposals to impose obligations on interpersonal communications services based on a number rather than on director providers. It says that more talks are also needed on the technical feasibility of direct marketing communications.
Progress on connection with GDPR
The presidency seems to have managed to clarify the link between the draft regulation and the general regulation on data protection (GDPR). The compromise text points out that the GDPR only protects data arising from individuals whereas the draft regulation also covers companies and other legal bodies. In this sense, the ePrivacy regulation should be seen as a lex specialis for the GDPR in terms of numbers arising only from individuals. The draft report states that extra work will be needed on the body authorised to give consent under the GDPR on behalf of companies and other bodies.
The report notes progress on machine-to-machine communications and surveillance authorities. After considering only covering machine-to-machine communications connected with an end user, the Estonian Presidency is now proposing to refer to the measures in the electronic communications code (still being discussed). This would amount to saying that the new rules would only cover transmission services used to transmit these communications and would exclude application layers (the access point to service networks). In terms of surveillance authorities, the Presidency suggest that national data protection authorities should mentor application of communications protection principles while allowing member states to designate extra control authorities for implementation of users’ right of scrutiny.
A final meeting of the TELE working group will take place on 11 December to address the confidentiality parameters and the processing and storage of data (Articles 6, 7, 8 and 10); it will not look at Article 11 (limitations). The progress report can be found at http://urlz.fr/6aLt. (Original version in French by Sophie Petitjean)