The Bulgarian Council of the EU is proposing to expand the number of reasons for allowing the personal data from electronic communications to be processed. This was explained in new compromise paper on respect for private life in electronic communications, which will be presented to the national experts on Thursday 19 April.
It should be recalled that the draft regulation on the table aims to enhance online confidentiality while allowing service providers to use the personal data of customers when they have given that prior consent (see EUROPE 11700). The European Parliament adopted its position in mid October 2017 (see EUROPE 11887). Work is taking longer at the Council.
In an effort to speed up discussions, the Bulgarian Presidency published a new working paper on Friday 13 April, focusing on the general provisions, the protection of natural persons and information, as well as the right of scrutiny with regard to electronic communications (chapters 1 - 3).
Authorised processing of personal data
The main change focuses on extending the reasons that allow for personal data from electronic communications to be processed (article 6). Sofia is proposing to authorise the processing of metadata processing for purposes of “network management and optimisation” (Art 6.(2)(a) and for the purpose of “statistical counting” (Art. 6(2)(f)).
The Bulgarian Presidency would like to ensure that statistical accounting is subject to certain conditions, including the obligation to make data anonymous after 24 hours, for example. It also contains certain safeguard clauses (Art. 6(3a)) that allow, for example, the user to be informed in advance to oppose this kind of mechanism.
In the context of article 6, the acting Presidency reformulated the reasons for allowing network providers or services to process metadata linked to the “vital interest”. It explains that this reason must be invoked by the competent authority and cannot simply be the decision of the provider.
Protection terminal equipment
On the difficult question of cookies (Art. 8), the Bulgarian Presidency provides a little more detail than in its previous paper and underlines the fact that the practice of “cookie walls”, whereby a user who refuses to allow cookies can be denied access to a website or application, cannot be allowed unless they are pursuant to a legitimate interest. This would happen, for example, when it is required for assessing the efficiency of a service. The new document explains in paragraph 21, however, that this is not always the case, especially when a cookie is recreated after it having been removed by the end user.
The new text also clarifies that the collection of information related to equipment is authorised not just for connection purposes but also when it involves the maintenance of this connection.
Confidentiality parameters
The third major question involved in this reform focuses on software confidentiality parameters (Art.10).
As part of its proposal, the Bulgarian Presidency suggests that at the moment of installation or first use, the software “shall inform the end-user about the privacy settings options and navigate the end-user through them”. The previous text mentioned, for example, periodic intervals rather than updates.
The Presidency also adds that it is currently looking at how to improve the response to concerns by certain delegations about software placed on the market but which are never updated.
It should also be pointed out that on publicly available directories (Art. 15), Sofia is proposing to make consent the default rule, while allowing the member states that so wish to introduce legislation on the specific issue. This will involve an opt-out of the system according to which the personal data of service users based on numbers could automatically be identified in a directory unless the end-user explicitly objects.
With regard to unsolicited advertising in Art. 16, the document leaves it up to the member states to decide, if they so wish, what is the appropriate time limit for using customers' contact details for direct marketing following a specific purchase.
The Bulgarian working paper will be discussed on 19 April during the telecommunications and information society working party meeting.
For further information: https://bit.ly/2qzdU01 (Original version in French by Sophie Petitjean)