Hot on the heels of the adoption of the European General Data Protection Regulation (“GDPR” – see our FAQs and video on it here), the EU is now proposing to reform EU Directive 2002/58/EC on Privacy and Electronic Communications (http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32002L0058) (“the EU e-Privacy Directive”) and has launched a public consultation (https://ec.europa.eu/digital-single-market/en/news/public-consultation-evaluation-and-review-eprivacy-directive).
The EU e-Privacy Directive sets out rules about how internet service providers and telecoms companies must manage their subscribers’ data, including provisions about compulsory data breach notification, anonymizing and erasing traffic and location data, and the obligation to get prior consent to receive “spam” communications.
A key aim of the current overhaul of the e-Privacy Directive (which was last updated in 2009) is to ensure consistency with the GDPR, which is expected to be fully in force in summer 2018. Alignment with the forthcoming EU Cybersecurity Directive also plays a minor part in the consultation. Issues that will be examined in this GDPR consistency context include:
- Overlaps in areas like data breach notifications;
- Application of the GDPR One Stop Shop regulator mechanism in cross-border EU Member State matters concerning the (to-be-revised) e-Privacy Directive; and,
- Fines for infringements in possible areas such as breach of confidentiality of communications.
Interested parties have until Tuesday 5 July 2016 to respond to the European Commission consultation (the 21-page, 33-question questionnaire can be found at https://ec.europa.eu/eusurvey/runner/EPRIVACYReview2016), following which the Commission intends to issue a draft legislative proposal later in the year.
These changes, coupled with the forthcoming GDPR, the uncertainty over data transfer and Privacy Shield (which we’ve covered here) and more changes on the horizon, mean that businesses need to plan properly for the future. Our experience is that proper procedures and a flexible plan for future legal change are realistic and achievable. Planning rather than panic is key.
Cordery has an established reputation in GDPR, data protection and cybersecurity. There are more details of what we do here. We write regularly and produce films about data protection and privacy issues which can be found here.
For more information please contact André Bywater or Jonathan Armstrong who are lawyers with Cordery in London where their focus is on compliance issues.
André Bywater, Cordery, Lexis House, 30 Farringdon Street, London, EC4A 4HH
Office: +44 (0)207 075 1785
Jonathan Armstrong, Cordery, Lexis House, 30 Farringdon Street, London, EC4A 4HH
Office: +44 (0)207 075 1784