The second thing which didn’t happen whilst I was on maternity leave: the new EU ePrivacy Regulation wasn’t finalised. The new Regulation is due to replace the EU ePrivacy Directive1 and the UK’s current ePrivacy Regulations (commonly referred to as ‘PECR’)2.
The full title of the proposed new law is: Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications). It was originally due to apply as from 25 May 2018, the same day from which the GDPR applied, but the text was not finalised by then, and has still not been.
The proposed ePrivacy Regulation contains rules on electronic communications services and the use of communications data. Many of the provisions apply specifically to organisations in the communications sector: providers of communications services, providers of publicly available directories, and providers of software permitting electronic communications. Importantly this includes providers of services such as WhatsApp, Facebook Messenger and Skype, in addition to traditional telecommunications providers.
Provisions which will be of interest to all sectors include those relating to direct marketing and cookies. Some key aspects of the proposed new Regulation which add to or amend current law in these areas are as follows.
See also article number 9 in my series discussing the recent changes to ePrivacy law in relation to the liability of company directors for ICO monetary penalties for unlawful direct marketing activities. Brexit will also necessitate amendments to ePrivacy laws – see the draft Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019.
Olivia Whitcroft, principal of OBEP, 20 June 2019
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)
The Privacy and Electronic Communications (EC Directive) Regulations 2003
1 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)
2 The Privacy and Electronic Communications (EC Directive) Regulations 2003
This article provides general information on the subject matter and is not intended to be relied upon as legal advice. If you would like to discuss this topic, please contact Olivia Whitcroft using the contact details set out here: Contact Details