The big vote on the ePrivacy Regulation in the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs will be delayed by at least a week. Originally scheduled for Oct. 12, agreement among MEPs on the text has been difficult to reach, insider sources told the IAPP.

So-called shadow rapporteurs (members of Parliament who represent the different political groups) met Wednesday evening but failed to agree on a compromise text. Two more meetings are now scheduled for next week.

Meanwhile, two other advisory committees and the European Data Protection Supervisor have weighed in with their opinions.

The Legal Affairs and Industry, Research and Energy committees have advisory roles to play in the Parliament, while the EDPS’ position is often taken into account by the European Commission.

In its vote Oct. 2, JURI adopted amendments that would ensure the privacy of communications — including emails, SMS and direct messaging — would be protected at rest as well as in transit. The committee also voted to include a “privacy by default” approach — in other words, software settings would automatically be set to prevent tracking and collection of data.

ITRE, however, took a different view and instead supported the European Commission proposal that would require users to select privacy settings from a list of options rather than going for the most secure option by default.

According to digital rights organization EDRi, “This supports the current industry practice of hiding privacy options in misleading language that is almost impossible to understand.”

According to digital rights organization EDRi, “This supports the current industry practice of hiding privacy options in misleading language that is almost impossible to understand.”

That view is supported by EDPS Giovanni Buttarelli, who said in his opinion, “It is time to stop users being deprived, often unwittingly, of control over their communications and data; time to stop the forcing of consent through ‘tracking walls,’ to stop the promotion of default settings, to stop the use of tracking technologies that escape detection.”

While applauding the Commission proposal for the new ePrivacy Regulation as a step in the right direction, Buttarelli went on to take aim at the behavioral advertising industry.

“Tracking and advertising are not the same. Advertising flourished before it was connected to ever closer tracking of user behaviour. Moreover, tracking is increasingly being used beyond commercial advertising, as we see in today’s urgent concerns about micro-targeted political campaigns,” he said.

The limiting factor for effective user control is not the technology, said the EDPS, before pointing out the amazingly complex and efficient real-time advertising auction mechanisms that take place within a split second of a user clicking on a website. “Where the interests of businesses are at stake,” he said, “we observe tremendous efforts and incredible achievements in the development of technologies.

“This real-time-bidding process operates without human intervention. The bidding, the management of the auction, the related billing and payment processes are all completed by automated tools connected to each other via the internet. After the auction of the user’s screen space, it distributes the advertisements revenue between the parties involved and it uses more and more sophisticated tools to protect against attempts of fraud such as clickbots.”

Buttarelli remarked that content producers and publishers increasingly hand control over to the advertising industry, “with the different roles of brokers, agencies, aggregators, etcetera, taking an ever-increasing share of the advertising budgets from the brands who pay for publicity.”

For this reason he said, “We cannot accept that technological limits are given as a reason not to provide users with effective tools for transparency and control to maintain their privacy when they use the Internet and electronic communications services.”

“Every second," he continued, “billions of transactions prove that it is possible to create systems and tools to manage complex relationships, ensure that the interests of the interested parties are respected, and ensure that all participants can trust the system. Alas, these benefits seem at present only available to the parties with purely financial interests in the system. They are not available to all of us — the individuals whose personal data provide the 'oil' fuelling the entire ecosystem. Our interests and fundamental rights, our privacy and protection of personal data are of no concern to the designers of the system.”

The EDPS position tallies closely with that of the rapporteur in charge of steering the law through Parliament, Marju Lauristin. She is working to coordinate more than 800 proposed amendments to the original Commission text and work out compromises in the LIBE committee while taking into account the views of the advisory JURI, ITRE and IMCO (internal market and consumer protection) committees — hence, the complicated business of reaching an agreement.

Once LIBE does finally vote on its position, its text will then be put to the European Parliament as a whole in plenary. Once that is done, discussions can move ahead with the European Commission and national representatives. So while work continues apace, reaching a deal before the GDPR comes into force next May is still a tall order.