EU justice committee passes amended ePrivacy directive

The European Parliament’s Civil liberties, Justice and Home affairs Committee (LIBE) has approved the revised ePrivacy directive. Telecom industry groups have opposed the directive first proposed by the European Commission in January and said the LIBE committee has made the legislation even worse for the sector.

The ePrivacy directive applies specifically to the privacy of electronic communications, notably protecting confidentiality and personal data. The telecom industry has largely opposed the directive, saying it both overlaps and times contradicts the EU’s General Data Protection Directive, which will take effect in May 2018. ETNO said the parliamentary committee has created further discrepancies with the GDPR in its vote and called on legislators to remedy the problems. 

The ePrivacy directive also covers issues such as the use of tracking cookies on websites and apps. LIBE notably introduced additional consumer protections in its version of the legislation to address issues such as what companies can do with personal data collected online. These were welcomed by the European Digital Rights organisation, which said “clear rules for privacy by default” on software as well as hardware are needed to ensure trust and fair competition in the market. 

The mobile industry group GSMA said the ePrivacy directive was going beyond the basic principle of protecting confidentiality and creating a set of obligations inconsistent with the GDPR. It said that any rules restricting the use of personal data should be “qualified and proportional to the risk of privacy harm that consumers might suffer if their data is misused and should not discriminate based on industry sector or technology”. 

German digital industry group Bitkom warned that the parliamentary committee’s legislation could threaten both traditional internet services and the emerging IoT by largely prohibiting personal data processing and allowing very few exceptions. Furthermore, it risks creating legal confusion with the specific rules beyond the GDPR for certain sectors. 

Before the new directive takes effect, EU member states must also approve the legislation through the Council. Tripartite negotiations will then be needed between the Parliament, Council and Commission to agree a final version of the directive.