The full entry into force of the general data protection regulation (GDPR) at the end of May this year will reveal what still needs to be done on ePrivacy, and whether there are any problems or potential misinterpretations concerning the confidentiality of data transfer.
It is clear the ePrivacy regulation is necessary. It should complement the GDPR and set telecom operators and over-the-top (OTT) companies - such as Netflix, Skype, and Google - on an equal footing. This will give users greater certainty that all of their data is protected and secure. This is crucial in building the trust to allow digital society to develop.
However, we must also create new possibilities for data processing. Of course, this should also be done under clear, transparent conditions, with full respect of the principles and the spirit of the GDPR. ‘Further processing’ should be incorporated into the ePrivacy regulation.
RELATED CONTENT
The list of exceptions for digital activities aimed at using data for analytical purposes, research efforts, statistical work, security reviews, keeping small local publishers in business - which are important for maintaining the availability of diverse information sources - these need to be all precisely defined described.
This requires work on changes requested in Parliament’s ePrivacy report. The only way to start this work is by opening trilogies and cooperation between Parliament, Commission and Council, which means that the Bulgarian presidency must become involved.
The Bulgarian EU Council presidency has offered some remarks and possible approaches to the ePrivacy issue. The proposals are promising and the presidency seems open to finding a balance between user expectations and needs relating to privacy values and fundamental rights and the opportunity for the development of a data-driven economy.
However, this is only the first step. There has been reaction from some governments and it is easy to imagine the position of some member states. However, Parliament’s ePrivacy team is waiting for the Council to clearly outline its position.
ePrivacy is a key component of the data protection and privacy package, together with the GDPR. This package is one of the key factors for building a strong foundation for the digital single market. This is why it is crucial to have it in place by the time this Commission and Parliament reach the end of their terms.
The clock is ticking. In my view two scenarios are possible. First, we start the trilogues at the end of May. The Council is ready and open for negotiations, and we will know more about the implementation of the GDPR.
Using this potential and political will, we begin our work with the objective of finishing the negotiations in late autumn and finalising this dossier in early winter, avoiding unnecessary ideological debates.
Of course, we need to consider an appropriate date for the actual entry into force of this legislation - with at least one year for preparations and necessary adjustments in national law.
In the second scenario, it is not clear when the member states will be ready. We will move from the Bulgarian presidency to the Austrian presidency and the actual date for the start of the trilogues will not be known.
As we will wait longer after the entry into force of the GDPR, we will know much more about the successes and problems encountered in its implementation. We will learn lessons from the GDPR implementation in many areas. This could also be a positive experience and good basis for proper work on ePrivacy in light of the work done on the GDPR. However, it is obvious that this will take time.
It is clear that we need ePrivacy rules. However, seeing there is little chance for such rules to enter into force soon after or together with the GDPR, we need to come up with quality solutions - rules that complement the GDPR, match users’ real needs, and open up new possibilities for business and digital development.