Consent remains major ePrivacy sticking point for EU bodies

Only a few minutes into his session at the IAPP Privacy. Security. Risk. conference in Austin, Texas, WilmerHale Cybersecurity and Privacy Practice Group Co-Chair Reed Freeman, CIPP/US, did not mince words on the current status of the ePrivacy Regulation.

"The ePrivacy Regulation is a giant mess, it’s a bigger mess than the [California Consumer Privacy Act of 2018]," he said. "There is so much uncertainty about whether it is needed, what is required and what is the process for all of this. Nevertheless it is out there, and it might happen."

At the heart of the ePrivacy Regulation's issues is the matter of consent, but before Freeman broke down that problem, he offered attendees of his breakout session a recap of a trio of texts from European Union bodies.

The European Union their report Oct. 20, 2017  The final piece of note was the Austrian presidency's 

A consent-centric model to data processing is one Freeman notes would violate the European Commission's message on competition. Hundreds of third parties, he argued, would not be able to do business should Parliament and the Commission get their way.

Freeman notes, however, that not all hope is lost. The sense Freeman gets from the Council is that the body is in no rush to finalize their report and make the ePrivacy Regulation a reality. Of course, that would lead to another set of questions altogether, such as whether the GDPR should be amended in the absence of the legislation. Should the Parliament and Commission want to make ePrivacy happen, Freeman believes the Council may have some leverage to get them to move off of their stance on consent.

Just don't expect any of this to happen any time soon.

"It will be a while before we see a final ePrivacy Regulation," said Freeman. "When I proposed to speak on this topic, I had supposed that by now we would be in trilogue negotiations and there would be some clarity. The message today is there is no clarity."