Bucharest published a new document on Friday 15 February to unblock discussions in the EU Council on the confidentiality of electronic communications. This consolidated document, which addresses, among other things, the powers of the supervisory authorities, will be discussed on 19 and 20 February (see EUROPE 12186).
The Romanian Presidency’s idea is to reach, by June 2019, a political agreement ('general approach') of the Council on this text which aims to strengthen the confidentiality of online exchanges while allowing the use of personal data of customers who have given their prior consent (see EUROPE 11700). This is in view of the fact that the European Parliament has been waiting since 26 October 2017 to enter into negotiations with the Council (see EUROPE 11892).
The new working document, of about 100 pages, is based on the discussions of the Intellectual Property Officers on February 7 (see EUROPE 12186). It clarifies certain concepts in relation to the Electronic Communications Code and the General Data Protection Regulation (GDPR).
For example, instead of a reference to the GDPR, it lists the rights of recourse available to the injured user, namely the right of "effective judicial remedy" in case of violation of the rights conferred by the new Regulation, the "right to complain to a supervisory authority" and the right to appeal against the decision of the said supervisory authority.
Among the main changes, the Romanian text states that supervisory authorities should have powers of investigation and rectification and that they should cooperate with data protection authorities (Article 18). It marginally modifies the situations allowing the processing of data resulting from electronic communications (Article 6): it specifies that the ground related to security and/or attacks must be limited in time according to this objective and puts the ground related to the fight against child pornography in square brackets, indicating that this subject would be discussed with the Council Working Party on Information Exchange and Data Protection on Tuesday 19 February.
On the delicate issue of cookies as a basis for targeted advertising, this new version restricts the scope of consent (recital 20a): it refers to technical means of obtaining "specific and informed" consent in order to avoid the 'consent fatigue'.
The document also refers to white lists that allow users to identify one or more suppliers for specific purposes. "Browsers providers are encouraged to ensure that end users can easily set up and amend such white lists and withdraw consent at any moment in a user-friendly and transparent manner", the document continues.
See: https://bit.ly/2NcqMU9. (Original version in French by Sophie Petitjean)