The Fate Of EU Legislation Designed To Bolster Data Protection Beyond The GDPR, The ePrivacy Regulation, Hangs In The Balance

Whatever your views on the EU’s General Data Protection Regulation (GDPR), there is no denying the impact it has had on privacy around the world. Where the GDPR deals with personal data stored “at rest”, the proposed ePrivacy Regulation deals with with personal data “in motion” — that is, how it is gathered and flows across networks. As Techdirt discussed two years ago, the pushback from Internet companies and the advertising industry against increased consumer protection in this area has been unprecedented. Some details were provided at the time in a report from the Corporate Europe Observatory. Unfortunately, that massive lobbying has paid off. Good ideas in the draft text produced by the European Parliament, like banning encryption backdoors or “cookie walls”, have been dropped, as has the right of Internet users to refuse to accept tracking cookies. In the most recent version of the text (pdf) put together under the Austrian Presidency of the Council of the European Union (one of the three EU institutions that has to agree on the final law), there’s even a new bad idea:

In some cases the use of processing and storage capabilities of terminal equipment and the collection of information from end-users’ terminal equipment may also be necessary for providing an information society service, requested by the end-user, such as services provided to safeguard freedom of expression and information including for journalistic purposes, such as online newspaper or other press publications…that is wholly or mainly financed by advertising provided that, in addition, the end-user has been provided with clear, precise and user-friendly information about the purposes of cookies or similar techniques and has accepted such use

This section would give the news publishing industry a special right, enshrined in the ePrivacy Regulation, to use tracking cookies to support advertising, even though the original impetus behind the new law was to stop precisely this kind of obligatory commercial surveillance. Following its lobbyists’ success in obtaining a special link tax included in the awful EU Copyright Directive, this latest legal privilege is further testament to the power of the publishing industry in the EU.

Judging by the most recent draft text, the ePrivacy Regulation has been almost completely gutted of any strong protections for Internet users. And yet it seems even what little remains is too much for some EU member states, as a story on Euractiv reports:

The European Commission will present a revised ePrivacy proposal as part of the forthcoming Croatian Presidency of the EU, Internal Market Commissioner Thierry Breton announced on Tuesday (3 December), after previous talks failed to produce an agreement among member states.

The revamped measures will be made in a bid to find consensus between EU countries on the ePrivacy regulation which would see tech companies offering messaging and email services subjected to the same privacy rules as telecommunications providers.

Although the new Internal Market Commissioner Breton is quoted as saying: “You can count on me to find consensus between each of us”, others are not so sure. Some now believe that the entire ePrivacy Regulation will be dropped as being too hard to fix. That would be an incredible waste of years of work, a missed opportunity — and a huge victory for the lobbyists.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

Permalink | Comments | Email This Story

Techdirt.