ePrivacy – An Outlook on a New Framework

Electronic devices are no longer a luxury; for most, electronic devices are imperative for daily tasks. We rely on digital technologies to simplify and generate information on transportation schedules, exact location or allow us to video chat with friends and family; perhaps rate and recommend local attractions or restaurants to other users.

The availability and exchange of information does simplify our lives but it also incurs risks on our privacy. Some of those risks have been mitigated while others are harder to pinpoint and foresee.

While respect for private life is a fundamental right as enshrined in Article 7 of the Charter of Fundamental Rights, new technologies are challenging our current laws. It is clear that old solutions provided by the 2002 ePrivacy Directive do not apply to new risks and that legislation on privacy needs to catch up to innovation.

While the Directive was revised in 2009, emerging technologies such as OTTs and machine-to-machine com- munications were not subject to its scope, leaving a gap in data protection and users’ privacy. That regulatory gap necessitates a new legal framework, one that is aligned with the General Data Protection Regulation (GDPR), and guarantees the confidentiality of communications and respect for private life, while taking into consideration the rapidly evolving digital tools, channels and platforms. That is why the new proposal for the ePrivacy

Regulation is of utmost importance. This new regulation, enabling harmonisation of the ePrivacy rules across the Member States, is an important part of the Digital Single Market package.

The ePrivacy Regulation is aimed at presenting a comprehensive framework for tackling electronic communications between people and between companies in a new digital environment. It also takes into consideration that information society services should be universally available for younger generations and for vulnerable groups who are becoming increasingly active in online communications.

All our online activities leave a digital footprint; users should be in charge of deciding how that footprint can be used and for what reasons.

Many users are not sufficiently aware of the risks for their privacy when using modern smart technologies nor do they have sufficient skills for protecting their own privacy. This situation creates widespread mistrust, preventing full enjoyment of those new opportunities.

Companies should provide a safer environment to users who can navigate, communicate, purchase and use digital services risk free and without the fear of jeopardising their privacy. Only this will safeguard the freedom of thought and enable personal autonomy, democracy and equality in the mediated world. It is important for users to be given full information of what is being done with their data online and how they can take active steps to decide how they want their data to be used. If the service is interested in using users’ info for any other purpose other than what is necessary for providing that specific service, then companies need to require the consent of the person.

Seeing that online communications can reveal sensitive data about a person’s line of work, health, relationships and finances, requiring users’ consent should not be viewed as something unattainable; rather, it is a way to respect fundamental principles and provide a trustworthy service to users. We cannot underestimate people’s concern over online privacy, as studies have shown that most people using electronic communications are worried about being tracked and do not trust that their data is handled with care.

While the Regulation takes a strong stance on confidentiality of a user’s communications, it also aims at upholding the added value that innovation and digital services offer to people. Providing users with protection from potential risks of digital innovations is not aimed at hampering their benefits.

The ePrivacy Regulation will challenge businesses to develop innovative communication devices that are privacy-friendly by default and by design and thus help users be in charge of their own lives in the online world.

As set out in the draft report of the European Parliament, nobody should be granted the right to intervene in anybody’s private life or to access his or her personal devices without consent or without a strict technical or legal necessity. In order to innovate their services and develop new devices, European industries need the confidence of European consumers.

That is why the new privacy legislation takes into account the benefits for both businesses and users. For example, strengthening the rules of targeted advertising is not destined to restrict businesses from expanding but to engage them more actively in meaningful communications with the users.

People should have a clear understanding of how their personal information can be processed by the service provider and used, stored and exchanged for purposes other than the ones initially suggested. People are more than willing to agree to being tracked by a certain service or a website if they trust it and approve the purposes for information processing. However, if they discover that the website grants other trackers unauthorised access to their private information, including to the metadata of their activities or their network of contacts, issues regarding confidentiality and privacy continue to persist.

The new e-Privacy regulation is called to tackle the growing concerns of citizens and to guarantee that confidentiality remains an unbreakable principle of all electronic communications online. European Digital Single Market needs strong protection of privacy in order to enjoy the high trust of European customers.