‘The GDPR on steroids’: The ePrivacy Regulation

Even as Europe finished the final preparations for the implementation of the GDPR, the Brussels machine began gearing up for the next round of battles on data protection. This time, the fight is over what's been dubbed the “GDPR on steroids" — the ePrivacy Regulation.

Even as Europe finished the final preparations for the implementation of the GDPR, the Brussels machine began gearing up for the next round of battles on data protection. This time, the fight is over the ePrivacy Regulation – dubbed by British MEP Daniel Dalton as “GDPR on steroids.”

Celebrated by some privacy advocates and feared by large swathes of the private sector, the ePrivacy Regulation aims to protect a user’s privacy at every stage of an online interaction. A noble goal, but the broad language in the Commission’s draft means that any business “in connection with the provision and use of electronic communications services” falls into scope. In other words, cookies, firewalls, apps on mobile devices, and even gaming consoles that include a messaging app as an extra feature are all covered by the ePrivacy Regulation.

Lose-lose

The draft regulation has provoked some of the most intense and polarising lobbying campaigns ever seen in Brussels. The advertising industry made many enemies by unrelentingly campaigning against the legislation and warning that legitimate business models based on advertising would be decimated. However; responses from MEPs indicate all this did was alienate the European Parliament and solidify its resolve to protect end-users from intrusive tracking and targeting.

The tech industry is equally concerned by the legislation. With only narrow exceptions for the processing of electronic communications data, innovative firms in the EU and beyond are worried that this could throw their entire business models into jeopardy. Even basic tools like spam filters could fall into scope, and that’s before they think about how the restrictions on processing metadata in the ePrivacy Regulation could affect their machine learning and artificial intelligence prospects.

Civil rights organisations and big technology companies do not always see eye-to-eye, but in the ePrivacy Regulation they have found a common enemy. While electronic communications providers worry about what they can’t process or store, NGOs are warning that the allowances for what governments can do with communications data invite overreach. Vague wording in the draft legislation suggests that governments would be able to access data without consent for “reasons of public interest.”

Even supporters of the Regulation are becoming dissatisfied; consumer rights organisations, who support the legislation, have become increasingly angry as they watch EU member states attempt to delay or soften it. Even when it does come into force, it seems unlikely that anyone will be pleased with its final form.

What next?

The European Parliament rushed the legislation without seriously considering the impact on future business models. Having passed the Parliament despite some obscure wrangling, it’s up to member states to negotiate their own version of the legislation — but they’ve been reluctant to move forward, to say the least.

At the last Telecoms Council, ministers politely praised the efforts by Bulgaria, the current holder of the six-month Council Presidency, to find a compromise. But behind the civility, the message was clear: the file was not “mature enough,” in the words of the Czech representative, to begin negotiations.

The Commission had planned for the ePrivacy Regulation to come into force on the same day as the GDPR. It quickly became apparent that this would not be the case. The Austrian Presidency — which begins on 1 July — has set a deadline for concluding the work before the end of the year, but even this is highly ambitious for one of the most controversial digital files of recent times.

If the member states, represented in the Council of the EU, come to an agreement before the end of the year, they can begin negotiations with the Parliament and the Commission. However, that is a big “if.” If negotiations between the institutions have not begun by the end of the year, there is a strong possibility that the proposal could collapse altogether, forcing the Commission to re-start the drafting process. That could be the best opportunity for the EU to create a future-proof piece of legislation that strikes a balance between innovation and privacy.

Author: Kirsten Williams, Policy Analyst, Access Partnership

You may also find interesting:

Related Articles

AI for All in Thailand: Building an AI-ready economy with Google

AI for All in Thailand: Building an AI-ready economy with Google

อ่านบทความนี้เป็นภาษาไทย A doctor in Bangkok analyzes medical images with AI, leading to a faster, more accurate diagnosis for her patient....

19 Dec 2024 AI Policy Lab
The Role of Earth Observation in Combating Desertification in Middle Eastern Countries

The Role of Earth Observation in Combating Desertification in Middle Eastern Countries

This month’s UNCCD COP16 in Riyadh marked a pivotal moment in combating global land degradation and drought, with outcomes including...

13 Dec 2024 Opinion
Access Alert: Enhancing Efficiency in India’s Logistics Through AI and Digital Integration

Access Alert: Enhancing Efficiency in India’s Logistics Through AI and Digital Integration

A recent panel discussion at the Bengaluru Tech Summit 2024 on 20 November 2024 focused on the transformative role of...

29 Nov 2024 Opinion
Access Alert: How Will Deepfake Regulations in APAC Impact Your Business?

Access Alert: How Will Deepfake Regulations in APAC Impact Your Business?

The rise of deepfakes – AI-generated content that manipulates audio, video, or images to create realistic but false representations –...

29 Nov 2024 Opinion