Download free GDPR compliance checklist!

Tag Archives for " ePrivacy "

ICO admits its own cookie policy is non-compliant with GDPR

The Information Commissioners Office has admitted that its current consent notice relating to the use of cookies on devices failed “to meet the required GDPR standard”.

The issue relates to the automatic placing of cookies on a user’s mobile device when accessing the ICO’s website, which one complaint argued was in breach of the Privacy and Electronic Communications Regulations 2003, which sits alongside GDPR.

Source: ICO admits its own cookie policy is non-compliant with GDPR | IT PRO

Consumer contract law in the age of data

As part of its 2015 Digital Single Market Strategy, the European Commission proposed modernising the rules applicable to sales of goods and introducing similar rules for the supply of digital content (such as digital films, music, e-books, applications) and digital services (such as social media platforms, on-line games, pay-per-view access to films, cloud computing, etc.).

After more than 3 years of negotiations, the EU adopted a package comprising a directive on contracts for the supply of digital content and services and a directive on contracts for the sale of goods, both applicable in B2C relations.

Full article: The EU makes B2C contract law enter the age of data

Where is ePrivacy?

The ePrivacy Regulation has been referred to as the EU General Data Protection Regulation’s “sister legislation.”

But what kind of sister is it going to be? Will the ePR have an acrimonious love-hate relationship with the GDPR? Or, will it be loyal to the GDPR, satisfied with a pragmatic power-sharing arrangement? Or perhaps, leaving the GDPR behind, will ePR sit out on a revolutionary and bold pursuit of its own goals?

Read: The GDPR, one year on: What about ePrivacy?

EU Council still debating e-Privacy Regulation

e-Privacy Regulation is still some time away as the three party Trilogue negotiations between the European Parliament, Commission and the Council have not yet started due to the Council’s inability to reach a common position.

The Presidency has now introduced numerous clarifications in the context of Machine-to-Machine, Internet of Things and Artificial Intelligence. There have also been discussions on data retention and supervisory authorities with the aim of providing more flexibility for Member States, while respecting the requirements for independence.

The EU Telecoms Ministers will meet on 7 June 2019, and the EU Council Presidency will move from Romania to Finland on 1 July 2019.


The future of the ePrivacy Regulation and the impact of Brexit on its application in UK

The European Parliament set out its position on the Regulation in October 2017. However, the Council of the EU, which is made up of ministers of the Member States, has not yet come to a position on the legislation.

The Regulation cannot be adopted until the Council of the EU has come to a position and the Council of the EU and the European Parliament have agreed on a text. It is likely that any adoption of the Regulation will not take place before 2020.

Full article: The future of the ePrivacy Regulation and the impact of Brexit on its application in UK – Privacy, Security and Information Law Fieldfisher

Mind the overlap between GDPR and ePrivacy

Organisations need to be aware of the overlaps between European data protection and privacy rules, and which takes precedence, a privacy lawyer warns.

Understanding the interplay between the European Union’s General Data Protection Regulation (GDPR) and ePrivacy Directive (ePD) is more difficult than most organisations realise, according to Eduardo Ustaran, partner and global co-head of the privacy and cyber security practice at law firm Hogan Lovells.

Full article: Mind the overlap between GDPR and ePD, warns privacy lawyer

EU Advocate General Issues Opinion on Consent for Cookies and Intersection with the GDPR

On March 21, 2019, Advocate General Szpunar released his opinion in the Planet49 case, currently pending before the Court of Justice of the European Union (CJEU). The case centers on the use of consent for the processing of personal data and consent for the use of cookies.

In the Advocate General’s view, the pre-ticked box for cookies does not provide a valid active consent under the GDPR nor under the ePrivacy Directive. Moreover, he considers that the ePrivacy Directive’s consent requirement for cookies applies irrespective of whether the collected data qualify as personal data.

Source: EU Advocate General Issues Opinion on Consent for Cookies and Intersection with the GDPR

e-Privacy breaches can rise GDPR fines

Businesses face higher fines if their processing of personal data is found to breach both the General Data Protection Regulation (GDPR) and EU ‘e-Privacy’ rules, according to a new opinion issued by the European Data Protection Board (EDPB).

The EDPB’s opinion, issued earlier this month, concerns the interplay between the e-Privacy Directive and the GDPR.

Full article: GDPR: ‘e-Privacy’ breaches can be factored into fines

EDPB clarifies the interaction between the GDPR and ePrivacy Directive

The European Data Protection Board (EDPB) met for their eighth plenary session on 12 and 13 March 2019. On the session EDPB adopted:

During session EDPS also adopted:

What happens to ePrivacy under the Romanian presidency?

What chance does the ePrivacy Regulation have of getting anywhere during the first half of this year?

As the first month of the Romanian presidency of the Council draws to a close and as elections for the next European Parliament loom, the outlook is not good.

Full article: What happens to ePrivacy under the Romanian presidency?