The Estonian Presidency of the Council has suggested increasing the situations in which network and services providers may process electronic communications data. This emerged from a compromise dated Tuesday 5 December, to be presented to the next meeting of the Council working group.
Readers may recall that the draft regulation aims to reinforce the confidentiality of online trading, whilst allowing service providers to use the personal data of customers who have given their prior consent for this (see EUROPE 11700). The Parliament reached its position on 19 October (see EUROPE 11887), whilst the Council is still working on its position.
The next meeting of the working group on the information society and telecommunications (TELE) is scheduled for 11 December. The Estonian Presidency is planning an exchange of views on the confidentiality parameters (article 10). It will also put brand-new proposals before the delegations on the authorised processing of data (article 6), their storage and deletion (article 7) and the protection of information stored in terminal equipment (article 8). In its last document, it stresses the need to strike a balance between the protection of privacy and the requirement not to endanger business models.
Latest compromises on articles 6 to 8
Essentially, the Estonian Presidency is suggesting introducing new situations in which service/network providers would be permitted to process data from electronic communications.
In particular, it would like to add the processing of meta-data (article 6.2) aiming to respond to a contract, legal obligation or to vital interests as well as scientific research or statistical purposes. It suggests that the processing of content (article 6.3) be made possible in three situations: - the provision of a service, if consent has been given and the processing is necessary in order to provide the service; - the provision of services (limited in time and scope) specifically ordered by an end user, such as voice synthesis services; - if all end-users have given their consent, following consultation of the control authority and - in a new addition - an impact assessment has been carried out (article 6.3). The Presidency adds that third parties are also authorised to process data on behalf of the service provider (article 6.4).
As regards article 7, the Presidency states that end-users or third parties are selected by them may register, store or process their meta-data.
Finally, the Presidency is bringing in new derogations to article 8, which will prohibit the processing and collection of information from terminal equipment. It states that it should be possible to use data of this kind for security updates and to locate emergency calls.
The document to be put before the national delegations on 11 December includes all of the amendments to the proposed regulation so far considered. The text is available at: http://bit.ly/2AyigIw . (Original version in French by Sophie Petitjean)