Download free GDPR compliance checklist!

Tag Archives for " ePrivacy "

Cookies and other tracking devices: the CNIL publishes new guidelines

Without waiting for the future ePrivacy regulation, which is currently under discussion at the European level and which is not likely to come into force in the short term, the CNIL has decided to update its reference framework. In particular, it was necessary to repeal the 2013 recommendation, which was not compatible with the new provisions of the GDPR.

Full article: Cookies and other tracking devices: the CNIL publishes new guidelines

ePrivacy Regulation Slowly Moves Forward

Adoption of the ePrivacy Regulation Introduced in 2017, and originally slated to go into effect with the GDPR (on May 25, 2018), it now appears the ePrivacy Regulation will not be implemented before late 2021.

With the Romanian Presidency’s oversight of the Council of the European Union passing to Finland as of July 1, and in view of forthcoming EU parliamentary elections and procedural considerations, it is possible that the adoption of the ePrivacy Regulation may be delayed even further.

Full article: EU Updates: ePrivacy Regulation Inches Forward, EDPB Issues Guidance on Interplay Between GDPR and ePrivacy Directive

Cookie consent – What “good” compliance looks like according to the ICO

On 3 July 2019, the UK data protection authority (the ICO) updated its guidance on the rules that apply to the use of cookies and other similar technologies.

The ICO has also changed the cookie control mechanism on its own website to mirror the changes in the new guidance.

Full article: Cookie consent – What “good” compliance looks like according to the ICO

French DPA to take action on online targeted advertisements

French data protection authority CNIL has received an important number of individual and collective complaints (La Quadrature du Net, Privacy International, NOYB) relating to online marketing. In 2018, 21% of the complaints were related to marketing in the broad sense.

Therefore, the CNIL has decided to make targeted online advertising a priority topic for 2019. In July, the CNIL will repeal its 2013 cookie recommendation that has become outdated in some respects (in particular for what concerns the expression of consent), and publish guidelines outlining the applicable rules of law.

Working sessions will be held in the second half of 2019 between the CNIL services and each category of stakeholders (content editors, advertisers, service providers and intermediaries in the marketing ecosystem, civil society), through their representative organizations.

The CNIL will carry out inspections on this the final recommendation 6 months after its final adoption.

Source: Online targeted advertisement: what action plan for the CNIL?

ICO admits its own cookie policy is non-compliant with GDPR

The Information Commissioners Office has admitted that its current consent notice relating to the use of cookies on devices failed “to meet the required GDPR standard”.

The issue relates to the automatic placing of cookies on a user’s mobile device when accessing the ICO’s website, which one complaint argued was in breach of the Privacy and Electronic Communications Regulations 2003, which sits alongside GDPR.

Source: ICO admits its own cookie policy is non-compliant with GDPR | IT PRO

Consumer contract law in the age of data

As part of its 2015 Digital Single Market Strategy, the European Commission proposed modernising the rules applicable to sales of goods and introducing similar rules for the supply of digital content (such as digital films, music, e-books, applications) and digital services (such as social media platforms, on-line games, pay-per-view access to films, cloud computing, etc.).

After more than 3 years of negotiations, the EU adopted a package comprising a directive on contracts for the supply of digital content and services and a directive on contracts for the sale of goods, both applicable in B2C relations.

Full article: The EU makes B2C contract law enter the age of data

Where is ePrivacy?

The ePrivacy Regulation has been referred to as the EU General Data Protection Regulation’s “sister legislation.”

But what kind of sister is it going to be? Will the ePR have an acrimonious love-hate relationship with the GDPR? Or, will it be loyal to the GDPR, satisfied with a pragmatic power-sharing arrangement? Or perhaps, leaving the GDPR behind, will ePR sit out on a revolutionary and bold pursuit of its own goals?

Read: The GDPR, one year on: What about ePrivacy?

EU Council still debating e-Privacy Regulation

e-Privacy Regulation is still some time away as the three party Trilogue negotiations between the European Parliament, Commission and the Council have not yet started due to the Council’s inability to reach a common position.

The Presidency has now introduced numerous clarifications in the context of Machine-to-Machine, Internet of Things and Artificial Intelligence. There have also been discussions on data retention and supervisory authorities with the aim of providing more flexibility for Member States, while respecting the requirements for independence.

The EU Telecoms Ministers will meet on 7 June 2019, and the EU Council Presidency will move from Romania to Finland on 1 July 2019.


The future of the ePrivacy Regulation and the impact of Brexit on its application in UK

The European Parliament set out its position on the Regulation in October 2017. However, the Council of the EU, which is made up of ministers of the Member States, has not yet come to a position on the legislation.

The Regulation cannot be adopted until the Council of the EU has come to a position and the Council of the EU and the European Parliament have agreed on a text. It is likely that any adoption of the Regulation will not take place before 2020.

Full article: The future of the ePrivacy Regulation and the impact of Brexit on its application in UK – Privacy, Security and Information Law Fieldfisher

Mind the overlap between GDPR and ePrivacy

Organisations need to be aware of the overlaps between European data protection and privacy rules, and which takes precedence, a privacy lawyer warns.

Understanding the interplay between the European Union’s General Data Protection Regulation (GDPR) and ePrivacy Directive (ePD) is more difficult than most organisations realise, according to Eduardo Ustaran, partner and global co-head of the privacy and cyber security practice at law firm Hogan Lovells.

Full article: Mind the overlap between GDPR and ePD, warns privacy lawyer