Only three Member States seem to have correctly adapted the provisions of the Directive on Privacy and Electronic Communications (Directive 2002/58/EC) or ePrivacy Directive, in the light of the General Data Protection Regulation (GDPR).
This account, drafted by the European Commission, is a challenge to Dutch MEP Sophie in't Veld and German MEP Moritz Körner of the Renew Europe group in the European Parliament, who questioned the European institution in a written question submitted on Monday 10 February.
“This means that twenty-five Member States do not protect the privacy and data of their citizens. You want to know which ones? So do we”, commented Sophie in't Veld on Twitter. A similar question had been tabled a few days earlier by the rapporteur working on the revision of ePrivacy, Birgit Sippel (S&D, Germany).
An unsatisfactory picture
On Thursday 30 January, the Commission gave an update on the situation to experts from the EU Council's Telecoms Working Party. In a presentation document seen by EUROPE, it notes that the national legislations transposing the ePrivacy Directive must comply with the new provisions of the Regulation on GDPR.
However, according to an analysis of the 28 replies to a letter sent last spring, this is the case for only three Member States.
Consecutive questions from the 2 MEPs
In their written question, Ms in't Veld and Mr Körner asked for the identity of the three Member States that have adapted their national law properly. They also questioned other figures put forward by the Commission, namely: - the 18 Member States which still need to provide clarification on the issue of consent; - the 11 countries that requested further clarification on the grounds for processing location and traffic data; - and the 18 Member States still seeking information on financial sanctions.
Both MEPs also raised the question of “two Member States applying an opt-out model for consent in Article 5(3) of the ePrivacy Directive”. In addition, they questioned the Commission on its intention to launch infringement proceedings against Member States that fail to comply with the GDPR.
This written question is in addition to a previous question submitted by Birgit Sippel on ePrivacy implementation issues. In her interpellation of 23 January, Ms Sippel asked in particular about the data retention rules of France, Belgium and the United Kingdom. She also regrets that not all Member States have provided for an "opt-in" system for non-functional cookies.
See the Commission's presentation: http://bit.ly/2SddkmU (Original version in French by Sophie Petitjean)