Between now and the meeting of Member States' ambassadors on 22 November, a working group will be continuing its work on the confidentiality of electronic communications (see EUROPE 12364/2). On Tuesday, 12 November, the experts were invited to discuss a new compromise text that addresses the issues of child pornography, data retention and scope of application.
Another technical meeting on this text is due to take place on 14 November. The text brings up to date and replaces the 2002 Directive on the Confidentiality of Electronic Communications by taking account of circumventing operators.
According to information we have received, the text does not seems to be being blocked by a minority of countries any more, as the Member States who are resisting the most are worried that the future rotating presidencies of the Council of the EU (Croatia and Germany) will move in a direction they like even less.
The new text under the microscope
The latest draft compromise prepared by the Finnish Presidency of the Council of the EU takes a position on the final questions still on the table:
On the question of scope of application, it proposes viewing natural or legal persons who do not provide an electronic communication service to the end user as “third parties”. However, it excludes from this definition those service providers who offer both communications services and third-party services, such as cloud services that automatically store messages.
With regard to cookies, the new version returns to the idea of a whitelist to avoid the consent procedure. It therefore encourages software providers to allow users to identify one or more trusted providers who have permission to access the data stored on their device. Unlike the European Parliament, the new version does not exclude cookie walls, which prohibit users from accessing a site if they do not consent to their data being processed, as long as there is an alternative or there is not an “imbalance between the user and the service provider”. These imbalances do exist for services provided by public authorities or by “service providers in a dominant position”, for example.
Helsinki has chosen to create a new legal basis for the fight against child pornography, which has been renamed the fight against “the sexual abuse of children”. Article 6d allows circumventing operators to process electronic communication data for this purpose without obtaining the consent of users. All of this, with certain safeguards in place, including the use of a non-reconvertible digital signature - a ‘hash’ sign.
The final matter the text addresses is the issue of data retention. In Articles 6(1)(d) and 7(4), the Presidency seeks a balance between Court of Justice case law and the willingness of Member States to store data for public safety purposes. The text therefore makes it possible to store such data in a way that is “necessary and proportionate in a democratic society to safeguard public safety”. It adds, however, that this data cannot be retained for a longer period than is needed to send a communication. (Original version in French by Sophie Petitjean)