WP29 deems that the ePrivacy Regulation Proposal lowers GDPR’s standards

On April 4, 2017, the Working Party 29 (WP29) released Opinion 1/2017 on the Proposed Regulation for the ePrivacy Regulation (2002/58/EC) – wp247 (ePrivacy Regulation Proposal).

The WP29 welcomes the Proposal for the Regulation. However, it expressed several points of concern and suggested amendments. The European Commission, along with the European Parliament and the European Council, shall address these concerns and incorporate the changes they deem fit.

According to WP29, several aspects enjoy a lower level of protection than under the GDPR, such as for example with regard to the tracking of the location of terminal equipment; the conditions under which the analysis of content and metadata is allowed; the default settings of terminal equipment and software; and the tracking walls.

With regard to WiFi-tracking, the Proposed Regulation doesn’t seem to offer adequate protection. WP29 suggests that the proposed regulation complies with the GDPR requirements by including a technical standard for mobile devices to automatically signal an objection to such tracking.

With regard to the analysis of content and metadata, WP29 suggests that the Proposed Regulation should prohibit processing communications data without the consent of all end-users (senders and recipients). This means that the analysis of content and/or metadata for purposes such as analytics, profiling, or behavioral advertising requires consent from all end-users whose data would be processed.

With regard to consent for tracking, WP29 calls for an explicit prohibition on tracking walls consisting in a take it or leave it choice that forces users to consent to tracking if they want to have access to the service.

WP29 recommends that the Proposed Regulation makes it clear that terminal equipment and software must by default offer privacy protective settings, and offer clear options to users to confirm or change these default settings during installation.

 

The EDPS also commented on the Regulation Proposal and called for strong rules to protect confidentiality of communications (Opinion 6/2017) see here.

Opinion 01/2017 on the Proposed Regulation for the ePrivacy Regulation (2002/58/EC) – wp247 pdf is available at http://ec.europa.eu…

 

For more information on privacy in Europe, Francesca Giannoni-Crystal and Federica Romanelli

Originally published on Technethics on May 2018

Leave a Reply

Your email address will not be published. Required fields are marked *