The ePrivacy regulation proposal: a new data protection framework for electronic communications

14H05906_RF.jpgOn 10 January 2017, the European Commission presented a proposal for a regulation on privacy and electronic communications, repealing the ePrivacy Directive 2002/58/EC that was revised in 2009. The proposal aims to establish a new data protection legal framework by complementing the General Data Protection Regulation 2016/679 (GDPR) regarding electronic communications data.

The proposed regulation will be self-executing and legally binding in all Member States. This offers the benefit of legal certainty and uniform rules to help foster a digital single market. The ePrivacy proposal takes into account important technological and economic
development in electronic communications and will modernize existing principles according to new practices. It aims to ensure a high level of confidentiality protection in communications regardless of the technology used.

The proposal is currently going through the European Union (EU) legislative process. Both the Article 29 Working Party (WP29) and the European Data Protection Supervisor (EDPS) published their opinions in April 2017, as well as the European Economic and Social Committee (EESC) in July 2017. On 26 October 2017, the European Parliament voted in favor of the amendments proposed by the Committee on Civil Liberties, Justice and Home Affairs (LIBE) in a plenary session. For now, the new ePrivacy regulation is under discussion between Member States in the EU’s European Council. The Council issued a recap of its proposed amendments for the regulation on 4 May 2018; further
proposals were issued on 10 July 2018.

Next steps
The European Commission’s original intention was to make the ePrivacy regulation applicable starting 25 May 2018, in line with the GDPR. As a result of the complicated admission process and controversial discussions, this deadline has passed. In addition, both the EU Parliament and the European Council propose a one-year period of transition between the regulation’s entry into force and its application. Even if the final text is not yet adopted, it is recommended for organizations to already have in mind the upcoming ePrivacy Regulation and to anticipate some important elements in their GDPR strategy.

To read the recap of the proposed amendments, click here.

EY legal contacts:

Fabrice Naftalski

Fabrice Natalski – Data Protection Law Leader



Peter Katko – Global Leader Digital Law Leader