Greetings from Brussels!
“Where art thou ePrivacy Regulation?” Amid all the pandemic-related news, this is a question I’ve heard being asked by many. Hold onto that thought — at the beginning of June, the Croatian Presidency of the Council of the European Union published a progress report on the status of the proposed ePrivacy Regulation.
The EU Presidency's report focuses on the more meaningful modifications to the draft ePrivacy Regulation with the introduction of processing of electronic communications metadata and the placing of cookies and similar technologies on users' devices where it is deemed necessary for the purpose of legitimate interests, subject to conditions and safeguards. Conditionality essentially refers to the use of legitimate interests not being available where the end user’s interests or fundamental rights and freedoms override the interests of the service provider; this is specified in the draft legislation.
The conclusion from the latest discussions was that the majority of Council members could not support the text as it currently stood, despite the Croatians proposing amendments that, in its view, simplified some core provisions while aligning with the GDPR. The progress report reveals that the introduction of legitimate interest was received with mixed views from EU member states. Several members would prefer not to include this legal basis, with the view to reverting to the previous text that includes a limited list of permitted processing grounds. Other member states were positive to the introduction as key proponents of the alignment with GDPR legislation, all the while emphasizing the priority to keep the right balance between the rights and interests of end-users and those of service providers. Some delegations took the view that the new proposals do not go far enough, asking for more clarity around information society services financed through advertising.
Matters have not been helped by the outbreak of COVID-19, and despite the Presidency’s best intentions, planned deliberations last week on the ePrivacy proposal in the Working Party on Telecommunications and Information Society were suspended. For a reminder, the WP TELE is composed of representatives and experts from each EU member state mandated with handling internal and external policy issues relating to information and communication technologies and infrastructure, the internet and the creation of the digital single market in Europe. The timing is clearly not ideal, and initial member state reactions only go to demonstrate the high level of work and dialogue still needed on this legislative file. As the Croatian Presidency comes to a close, the baton is handed over to Germans who will hold the EU Presidency from 1 July until the end of the year. No doubt the Croatians will work closely with the Germans for consistency and to ensure momentum on the file.
All said, it continues to be a long road for the proposed ePrivacy Regulation, which was first published back in January 2017 and intended to come into force alongside its sister legislation, the GDPR, in May 2018. Even when an eventual agreement is reached within the European Council, the colorful trialogue negotiations are the next step in the process requiring the agreement of the European Parliament. History shows us that those discussions can be equally contentious and drawn out in their deliberations.
My sense is that we have more road to cover before a final version of the ePrivacy Regulation is in our sights. With the economic recovery related to the pandemic high on member state agendas, it may well take the sunshine of Portugal, which takes on the Presidency in January 2021, before we see the fog lift. Vivemos na esperança …