While companies prepare for the EU General Data Protection Regulation (GDPR) to take effect in May 2018, another highly significant item on the agenda is arguably the current review process of the proposal for a Regulation on Privacy and Electronic Communications (ePrivacy Regulation). Last week, the UK Information Commissioner's Office (ICO) and the Article 29 Working Party (Working Party) both released key information on the process and substantive issues that will ultimately shape the final version of the ePrivacy Regulation:
On April 4, 2017, the Working Party issued an opinion on the proposed ePrivacy Regulation, stating that it "welcomes" the European Commission's current proposal, which was unveiled on January 10, 2017, but that the Working Party is "highly concerned" about four key areas related to: The tracking of the location of terminal equipment (such as via Wi-Fi or Bluetooth); The conditions under which the analysis of content and metadata is allowed; The default settings of terminal equipment and software; and "Tracking walls." On April 6, 2017, the ICO published a blog post highlighting the upcoming process for ePrivacy reform and the ICO's role in drafting and providing guidance on the proposal. As we have noted, the ePrivacy Regulation—which would repeal and replace Directive 2002/58/EC (commonly known as the "ePrivacy Directive" or "Cookie Directive")—will have far-reaching impacts on the electronic communication sector and other online companies, including: websites, mobile apps, and other online services; third-party service providers (e.g., advertising, analytics, and other online technology providers); web browser and other software providers; and telecommunications and electronic communications services. Accordingly, companies may want to think strategically about how such changes will affect their businesses and consider reaching out to local data protection authorities that may play an active role in shaping the final draft, such as the ICO.
UK ICO Blog Post on ePrivacy Reform Process
In its blog post describing the process for overhauling the ePrivacy Directive, the ICO notes that the ePrivacy Regulation is due to come into effect in May 2018 alongside the GDPR. Accordingly, the next step is for the European Parliament and European Council to review the draft and come together at the end of this year to negotiate the final text. The ICO also summarizes some of the ePrivacy Regulation's major changes from current law,...