Article 29 Working Party Opinion on the Proposed ePrivacy Regulation

The Article 29 Working Party has welcomed the proposal for a new ePrivacy Regulation, but it is a welcome laced with ‘grave concerns’.

The Article 29 Working Party has published its comments on the proposal for a new ePrivacy Regulation. Its Opinion can be downloaded here. The Opinion welcomes inter alia the following:

  • the choice of a regulation as the regulatory instrument – thus ensuring that rules are uniform across the entire EU, providing clarity for supervisory authorities and organisations alike and ensuring consistency with the GDPR
  • the decision to make the authority responsible for monitoring compliance with the GDPR also responsible for the enforcement of ePrivacy rules
  • the draft’s principled approach, using broad prohibitions and narrow exceptions, and the targeted application of the concept of consent
  • the expansion of the scope of the Proposed Regulation to include Over-The-Top (OTT) providers
  • the application of the Proposed Regulation to content and associated metadata and its recognition that metadata may reveal very sensitive data.

However, the Working Party also raises four points of grave concern, relating to:

  • the tracking of the location of terminal equipment
  • the conditions under which the analysis of content and metadata is allowed
  • tracking walls
  • the default settings of terminal equipment and software.

In these respects, the Opinion suggests that the Proposed Regulation would lower the level of protection enjoyed under the GDPR and suggests how to remedy this.

With regard to WiFi-tracking, depending on the circumstances and purposes of the data collection, such tracking under the GDPR is likely either to be subject to consent, or may only be performed if the personal data collected is anonymised. In the latter case, the following four conditions have to be complied with: the purpose of the data collection from terminal equipment is restricted to mere statistical counting, the tracking is limited in time and space to the extent strictly necessary for this purpose, the data will be deleted or anonymised immediately afterwards, and there are effective opt-out possibilities. The European Commission is invited to promote a technical standard for mobile devices to automatically signal an objection against such tracking.

With regard to the analysis of content and metadata, the starting point should be that it is prohibited to process communications data without the consent of all end-users (senders and recipients). To allow providers to provide services explicitly requested by the user, such as search and indexing functionality or text-to-speech services, there should be a domestic exception for the processing of content and metadata for the purely personal purposes of the user himself or herself.

With regard to consent for tracking, the Working Party calls for an explicit prohibition on tracking walls, that is, take-it-or-leave-it choices that force users to consent to tracking if they want to have access to the service.

The Working Party recommends that terminal equipment and software must by default offer privacy protective settings, and offer clear options to users to confirm or change these default settings during installation. The settings must be easily accessible during use. Users must be enabled to signal specific consent through their browser settings. Privacy preferences should not be limited to interference by third parties or be limited to cookies. The Working Party strongly recommends making adherence to the Do Not Track standard mandatory.

The Working Party has also expressed concern about other issues, including direct marketing, and seeks clarification on a number of points.

