In early 2017, the European Commission proposed updating the Privacy and Electronic Communications Regulation in a bid to replace the existing laws.
The draft regulation, dubbed the ePrivacy Regulation, provides a set of new rules on the use of cookies and direct marketing through electronic communications. If it comes into force, the new law would update the current rules on confidentiality of electronic communications, and bring service providers within the scope of the EU’s ePrivacy laws for the first time.
The UK ICO’s submission to the EU’s consultation on the issue said the rules should be tweaked to “achieve a proportionate balance” between privacy rights and “legitimate interests of information society services”.
Users of electronic communications services would also obtain a new right to object to the processing of their electronic communications data, and could potentially win compensation from communication providers if they have “suffered material or non-material damage as a result of an infringement” of the new rules by those companies, said law firm Pinsent Masons.
It was anticipated that the ePrivacy Regulation would launch at the same time as GDPR, and sit within its scope. However, further deliberation on ePrivacy has delayed its enactment, and so it’s now unlikely to appear until late 2019.
A full guide to the upcoming ePrivacy Regulation, and how it will fit into wider data protection policies, is available here.