On 17 July, attachés from the EU member states will once again meet to discuss the Regulation on Privacy and Electronic Communications – or ePrivacy Regulation for short. After months of near-deadlock, there is a renewed impetus to move forward with this difficult file.
When Austria took over the six-month rotating Presidency of the Council of the EU on 1 July, it took on the unenviable responsibility of trying to broker an agreement among the member states on the ePrivacy Regulation. This piece of legislation aims to protect the privacy of electronic communications but has proven to be highly divisive since its introduction in January 2017. Austria hopes to broker a compromise so the Council can begin final negotiations with the European Commission and the European Parliament.
Just two weeks into its term, Austria has hit the ground running. On 10 July, member states received a compromise paper from the Presidency for discussion at the meeting on 17 July.
Many member states consider this meeting to be a litmus test. It is critical for the Austrian Presidency to lead the discussion and solve the most contentious issues around processing data and content, which have held up the planned replacement of the 2002 ePrivacy Directive for several months. The update is needed to bring the EU up to speed on technological developments, the meeting will not be plain sailing. Member states are split into four camps: those prioritising privacy, those focusing on innovation, those balancing the two, and finally a group of undecided member states.
It isn’t hard to see why the fourth camp exists. The legislation lacks clarity around some of the most important terms, like ‘end-user’ and ‘Internet of Things’. Member states have found that the Commission is sometimes unable to answer their questions, despite drafting the legislation in the first place.
The Austrian Presidency will focus on three articles in the ePrivacy Regulation. The first is Article 6, which sets out the possibilities for processing electronic communications data. It suggests broadening the scope to allow the processing of certain types of data for research, hoping that this will allay fears about stifling European innovation.
The second is Article 8, covering the storage and processing of data on end-users’ equipment. The Austrian Presidency hasn’t suggested major changes to the article, but it has added clarifications to the recitals that precede it, loosening the restrictions on using identifiers like cookies.
Finally, the Austrian Presidency has asked member states to discuss deleting Article 10, obliging software providers to inform the end-user every time privacy settings are updated. Several member states have questioned the value of this article because of the impact on end-users and on innovative businesses.
While the discussion is a step in the right direction, it does not answer all the concerns of industry. The possibilities for processing data remain tightly restricted. It may not be enough to convince the member states that the file is ready for the next stage of negotiations. Many countries are still worried about the vague wording of much of the legislation and remain deeply divided on the value and purpose of Article 10.
However, the political will to finalise the ePrivacy Regulation is growing. Having resisted pressure and criticism from the European Parliament and consumer organisations for months, member states realise that they need to finish the last files in the Digital Single Market before the European elections in 2019. If not, they face re-drafting the ePrivacy Regulation and starting all over again – and that thought alone is propelling them towards a compromise.
Author: Kirsten Williams, Policy Analyst, Access Partnership