The EU member states comply with the Council’s textual content for the information safety regulation for digital communications
On February 10, 2021, representatives of the EU member states reached an agreement on the negotiating mandate of the Council of the European Union (the “Council”) for the draft data protection regulation for electronic communications, which will replace the current directive on data protection for electronic communications. The text, approved by the EU Member States, was drawn up under the Portuguese Presidency and will form the basis for negotiations between the Council and the European Parliament on the final terms of the data protection regulation for electronic communications.
In its press release, the Council highlights the following key elements of the draft data protection regulation for electronic communications:
- Coverage of both electronic communication content and communication metadata (such as location, time and recipient of a communication). The text maintains the general principle that electronic communications data are confidential, which means that any malfunction (I.The interception, monitoring or other processing of data in connection with communications by persons other than the parties involved in the communication is prohibited, unless this is permitted by the ePrivacy Regulation. The processing of electronic communication data without the consent of the user is permitted, for example, if the integrity of communication services has to be ensured, malware or viruses have to be identified or if the laws of the EU or the EU member states allow processing for the prosecution of criminal offenses or the prevention of threats to public security . With regard to communication metadata, for example, the text enables processing for billing purposes, detecting or stopping fraudulent use, and protecting the vital interests of users, such as monitoring the spread of epidemics. In addition, providers of electronic communications networks and services can, in certain situations, process metadata for a purpose other than the one recorded, provided that this purpose is compatible with the original purpose and strict, specific protective measures apply to this purpose;
- Machine-to-machine data that is transmitted over a public network, as this is considered necessary to protect data protection rights in connection with Internet of Things applications;
- Users based in the EU, regardless of whether the processing of their data takes place outside the EU or the service provider is located in a non-EU jurisdiction;
The draft Electronic Communications Data Protection Regulation also includes requirements related to line identification, public directories, and unsolicited and direct electronic marketing.
The Council will now start talks with the European Parliament to negotiate the final text. These negotiations could prove difficult as the Council text could be seen as less privacy protective than the European Commission’s original January 2017 proposal.
Following its adoption by the Council and the European Parliament, the draft text provides for a transition period of two years, starting twenty days after the publication of the final text of the data protection regulation for electronic communications in the EU Official Journal.
Read the final draft of the ePrivacy Regulation.