EU: Presidency releases revised draft ePrivacy Regulation
The Presidency of the Council of the European Union released, on 4 November 2020, its revised text of the proposed Regulation concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications and Repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) ('the Draft ePrivacy Regulation'). In particular, the Draft ePrivacy Regulation notes that the amendments introduced represent changes as compared to the compromise proposal issued by the Croatian Presidency on 6 March 2020.
In addition, and in relation to data retention, Articles 6(1)(d) and 7(4) of the previous draft of the ePrivacy Regulation have been deleted in view of the Court of Justice of the European Union's ('CJEU') judgments in Case C-623/17, Privacy International, and in Joined Cases C-511/18, La Quadrature du Net and Others, C-512/18, French Data Network and Others, and C-520/18, Ordre des barreaux francophones et germanophone and Others. In fact, the current Draft ePrivacy Regulation highlights that the Presidency concluded that the general restrictions clause in Article 11 of the Draft ePrivacy Regulation enables EU and Member States to regulate data retention in conformity with EU law, and that there is therefore no need for additional provisions which could even entail the risk of restricting potential future legislation on data retention at a national or EU level.
Moreover, and in relation to the protection of end-users' terminal equipment information, the current Draft ePrivacy Regulation has introduced, in Article 8(1)(c), a more strict wording, providing that, in order for the use of the terminal equipment to be necessary for the provision of a service requested by the end-user, the same must be 'strictly technically necessary' for providing an information society service 'specifically' requested by the end-user. In addition, the current Draft ePrivacy Regulation has reintroduced Article 8(1)(da) and (e), addressing the use of processing and storage capabilities of terminal equipment and the collection of information from end-users' terminal equipment that are necessary for security purposes and for software update. Furthermore, the current Draft ePrivacy Regulation has deleted Article 8(1)(g) and (1a) to (c), which provided for the use of processing and storage capabilities of terminal equipment and the collection of information from end-users' terminal equipment when necessary for the purpose of legitimate interests.
Lastly, the Draft ePrivacy Regulation will be further discussed in the Working Party on Telecommunications and Information Society's meeting of 11 November 2020.
You can read the Draft ePrivacy Regulation here.