BETA


2017/0003(COD) Privacy and Electronic Communications

Progress: Awaiting Parliament's position in 1st reading

RoleCommitteeRapporteurShadows
Lead LIBE SIPPEL Birgit (icon: S&D S&D)
Former Responsible Committee LIBE
Former Responsible Committee LIBE SIPPEL Birgit (icon: S&D S&D)
Committee Opinion ENVI
Committee Opinion ITRE
Committee Opinion IMCO
Committee Opinion JURI
Former Committee Opinion ENVI
Former Committee Opinion ENVI
Former Committee Opinion ITRE
Former Committee Opinion ITRE
Former Committee Opinion IMCO
Former Committee Opinion IMCO
Former Committee Opinion JURI
Former Committee Opinion JURI
Lead committee dossier:
Legal Basis:
TFEU 016-p2, TFEU 114

Events

2024/09/30
   EP - SIPPEL Birgit (S&D) appointed as rapporteur in LIBE
2019/10/21
   EP - Committee referral announced in Parliament, 1st reading
2019/09/04
   EP - SIPPEL Birgit (S&D) appointed as rapporteur in LIBE
2017/12/04
   CSL - Debate in Council
Documents
2017/12/04
   CSL - Council Meeting
2017/10/25
   EP - Committee decision to enter into interinstitutional negotiations confirmed by plenary (Rule 71 - vote)
2017/10/23
   EP - Committee report tabled for plenary, 1st reading
Details

The Committee on Civil Liberties, Justice and Home Affairs adopted the report by Marju LAURISTIN (EE, S&D) on the proposal for a regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications).

The present ePrivacy proposal seeks to achieve the modernisation of the Union data protection legal framework commenced by the General Data Protection Regulation ( Regulation (EU) 2016/679 (GDPR)) and repeals the current ePrivacy Directive 2002/58/EC in order to align its rules to those of the GDPR and to establish a legal framework, which takes account of the important technological and economic developments in the electronic communication sector.

The committee recommended that the European Parliament’s position adopted at first reading under the ordinary legislative procedure should amend the Commission proposal as follows:

Scope : Members stated that the proposal shall apply to:

the processing of information related to or processed by the terminal equipment of end-users; the placing on the market of software permitting electronic communications; the provision of publicly available directories of users of electronic communications; the sending of direct marketing electronic communications to end-users.

Members also introduced the definition of "end user" , which is a legal entity or natural person using or requesting a publicly available electronic communications service; and that of "user" which covers any natural person using a publicly available electronic communications service for private or business purposes without necessarily having subscribed to that service.

Confidentiality of communications : Members proposed that the confidentiality of electronic communications shall also apply to data related to or processed by terminal equipment.

Providers of electronic communications networks and services may process electronic communications data only if it is technically necessary to achieve the transmission of the communication, for the duration necessary for that purpose.

Any interference with the content of electronic communications shall be allowed only under very clear defined conditions, for specific purposes and be subject to adequate safeguards against abuse.

Protection of information stored in or related to users’ terminal equipment : the Commission proposal aims to protect the information stored in the user’s terminal equipment from accessing it or installing or placing software or information without the consent of the user.

The amendments tabled are intended to provide a higher level of protection by ensuring legal consistency with the General Data Protection Regulation (GDPR). In this regard, the conditions allowing access to user’s terminal equipment or to information emitted by it are better framed and the conditions for user’s consent is brought in line with the GDPR.

In the context of employment relationships, access to the user's terminal equipment shall only be possible if it is strictly technically necessary for the execution of an employee's task, where: (i) the employer provides and/or is the user of the terminal equipment; (ii) the employee is the user of the terminal equipment; and (iii) it is not further used for monitoring the employee.

It is also specified that no user may be denied access to any information society service or functionality, regardless of whether this service is remunerated or not, on grounds that the end-user does not provide consent for processing any data that is not strictly necessary for the functionality requested by the end-user.

Options for privacy settings : this Regulation shall prevent the use of so-called "cookie walls" and "cookie banners" that do not help users to maintain control over their personal information and privacy or become informed about their rights.

Electronic communications software (such as browsers, operating systems and applications) shall be configured in a way that privacy is protected, and the tracking and storage of information on the terminal equipment by third parties are prohibited by default . Software providers of this type shall provide sufficiently detailed options to allow the user to consent to each distinct category of purposes.

At the same time, the user shall have the option to change or confirm the privacy setting options any time after installation.

The settings shall include a signal which is sent to the other parties to inform them about the user's privacy settings. These settings shall be binding on, and enforceable against, any other party.

Unsolicited communications for direct marketing : the use by natural or legal persons of electronic communications services, including automated calling, communications systems, semi-automated systems that connect the call person to an individual, faxes, e-mail or other use of electronic communications services for the purposes of presenting or sending direct marketing communications to users, shall be allowed only in respect of users who have given their prior consent .

The Regulation shall prohibit the masking of the identity and the use of false identities, false return addresses or numbers while sending unsolicited communications for direct marketing purposes is prohibited.

Restrictions on the confidentiality of communications : the scope of the rights provided for in the Regulation may be restricted by law provided that the restriction fully respects the essence of fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard (i) national security, (ii) defence; iii) public security.

Documents
2017/10/23
   EP - Committee decision to enter into interinstitutional negotiations announced in plenary (Rule 71)
2017/09/24
   NL_SENATE - Contribution
Documents
2017/07/05
   ESC - Economic and Social Committee: opinion, report
Documents
2017/06/28
   IT_CHAMBER - Contribution
Documents
2017/06/09
   CSL - Debate in Council
Documents
2017/06/09
   CSL - Council Meeting
2017/06/06
   DE_BUNDESRAT - Contribution
Documents
2017/05/04
   CZ_SENATE - Contribution
Documents
2017/04/24
   EDPS - Document attached to the procedure
Details

OPINION of the European Data Protection Supervisor on the Proposal for a Regulation on Privacy and Electronic Communications (ePrivacy Regulation).

The EDPS shares the view that there is a continued need to have specific rules to protect the confidentiality and security of electronic communications in the EU. He therefore welcomes the Commission proposal for a modernised, updated and strengthened ePrivacy Regulation. He also welcomes the declared ambition to provide a high level of protection with respect to both content and metadata.

However, the EDPS remains concerned about a number of provisions , particularly the following:

the definitions under the proposal must not depend on the separate legislative procedure concerning the Directive establishing the European Electronic Communications Code; the provisions on end-user consent need to be strengthened. Consent must be requested from the individuals who are using the services, whether or not they have subscribed for them and from all parties to a communication; the relationship between the General Data Protection Regulation (GDPR) and the ePrivacy Regulation should not leave loopholes for the protection of personal data; access to websites must not be made conditional upon the individual being forced to ‘consent’ to being tracked across websites (cookie walls); the proposal fails to ensure that browsers will by default be set to prevent tracking individuals' digital footsteps; the exceptions regarding tracking of location of terminal equipment are too broad and lack adequate safeguards.

The EDPS notes the importance of a swift processing of this dossier by the legislators, to ensure that the ePrivacy Regulation, as intended, may apply as of 25 May 2018, the date when the GDPR itself will also become applicable.

2017/04/19
   PT_PARLIAMENT - Contribution
Documents
2017/04/04
   CZ_CHAMBER - Contribution
Documents
2017/03/31
   ES_PARLIAMENT - Contribution
Documents
2017/03/07
   NL_SENATE - Contribution
Documents
2017/02/16
   EP - Committee referral announced in Parliament, 1st reading
2017/01/11
   EC - Document attached to the procedure
2017/01/11
   EC - Document attached to the procedure
2017/01/11
   EC - Document attached to the procedure
2017/01/11
   EC - Document attached to the procedure
2017/01/10
   EC - Legislative proposal published
Details

PURPOSE: to enhance protection of confidentiality of electronic communications.

PROPOSED ACT: Regulation of the European Parliament and of the Council.

ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.

BACKGROUND: the ePrivacy Directive ( Directive 2002/58/EC ) ensures the protection of fundamental rights and freedoms, in particular the respect for private life, confidentiality of communications and the protection of personal data in the electronic communications sector. It also guarantees the free movement of electronic communications data, equipment and services in the Union.

The Commission carried out an ex post evaluation of the ePrivacy Directive. It follows from the evaluation that the objectives and principles of the current framework remain sound. However, important technological and economic developments took place in the market since the last revision of the ePrivacy Directive in 2009. The Directive has not kept pace with technological developments , resulting in a void of protection of communications conveyed through new services.

A Eurobarometer survey on ePrivacy was conducted throughout the EU. The key findings are the following:

78% say it is very important that personal information on their computer, smartphone or tablet can only be accessed with their permission; 72% state that it is very important that the confidentiality of their e-mails and online instant messaging is guaranteed; 89% agree with the suggested option that the default settings of their browser should stop the sharing of their information.

This proposal seeks to update the legal framework . It aims at reinforcing trust and security in the Digital Single Market – a key objective of the Digital Single Market strategy . The draft Regulation also aligns the rules for electronic communications services with the new world-class standards of the EU's General Data Protection Regulation (Regulation (EU) 2016/679).

IMPACT ASSESSMENT: the preferred option offers a measured reinforcement of privacy/confidentiality by extending the scope of the legal instrument to include new functionally equivalent electronic communications services and which protects against unsolicited communications and simplifies and clarifies the regulatory environment.

CONTENT: this proposed new Regulation seeks to enhance protection of confidentiality of electronic communications by extending the scope of the legal instrument to include new functionally equivalent electronic communications services . Like the European Electronic Communications Code, this proposal also brings the Over-the-Top (OTT) providers in its scope to reflect the market reality.

Confidentiality of electronic communications : the proposal:

contains the key provisions ensuring the limited permitted purposes and conditions of processing such communications data: privacy will be guaranteed for both content and metadata derived from electronic communications (e.g. time of a call and location). Both have a high privacy component and, under the proposed rules, will need to be anonymised or deleted if users have not given their consent, unless the data is required for instance for billing purposes; addresses the protection of terminal equipment , by (i) guaranteeing the integrity of the information stored in it and (ii) protecting information emitted from terminal equipment, as it may enable the identification of its end-user; details the consent of end-users , where technically possible and feasible, consent may be expressed by using the appropriate technical settings of a software application enabling access to the internet. End-users who have consented to the processing of electronic communications data shall be given the possibility to withdraw their consent at any time and be reminded of this possibility at periodic intervals of 6 months, as long as the processing continue; imposes an obligation on providers of software permitting electronic communications to help end-users in making effective choices about privacy settings.

Rights of end-users to control the sending and reception of electronic communications : with a view to protecting their privacy, the new Regulation proposed:

the right of end-users to prevent the presentation of the calling line identification to guarantee anonymity; the obligation for providers of publicly available number-based interpersonal communication to provide for the possibility to limit the reception of unwanted calls; the regulation of the conditions under which end-users may be included in publicly available directories and the conditions under which unsolicited communications for direct marketing may be conducted.

Supervision and enforcement of this Regulation : this shall be entrusted to the supervisory authorities in charge of the GDPR. The powers of the European Data Protection Board are extended and the cooperation and consistency mechanism foreseen under the GDPR will apply in case of cross-border matters related to this Regulation.

Documents

Votes

A8-0324/2017 - Marju Lauristin - Décision d'engager des négociations interinstitutionnelles 26/10/2017 12:21:07.000 #

2017/10/26 Outcome: +: 318, -: 280, 0: 20
IT BG ES EL SE AT BE EE LU PT DE CY IE FI LT DK MT NL HR SI HU LV RO FR CZ SK GB PL
Total
55
14
45
16
19
16
20
5
6
15
75
5
10
11
8
10
6
21
11
7
18
7
27
61
18
9
55
46
icon: S&D S&D
166

Greece S&D

2

Estonia S&D

For (1)

1

Luxembourg S&D

For (1)

1

Cyprus S&D

2

Ireland S&D

For (1)

1

Denmark S&D

2

Malta S&D

3

Netherlands S&D

3

Croatia S&D

2

Slovenia S&D

For (1)

1

Latvia S&D

1

Czechia S&D

3

Slovakia S&D

1
icon: Verts/ALE Verts/ALE
41

Italy Verts/ALE

For (1)

1

Austria Verts/ALE

2

Belgium Verts/ALE

2

Estonia Verts/ALE

For (1)

1

Luxembourg Verts/ALE

For (1)

1

Finland Verts/ALE

For (1)

1

Lithuania Verts/ALE

For (1)

1

Denmark Verts/ALE

For (1)

1

Netherlands Verts/ALE

2

Croatia Verts/ALE

For (1)

1

Slovenia Verts/ALE

For (1)

1

Hungary Verts/ALE

2

Latvia Verts/ALE

1

United Kingdom Verts/ALE

3
icon: GUE/NGL GUE/NGL
40

Italy GUE/NGL

2

Sweden GUE/NGL

For (1)

1

Portugal GUE/NGL

2

Cyprus GUE/NGL

2

Finland GUE/NGL

For (1)

1

Denmark GUE/NGL

For (1)

1

Netherlands GUE/NGL

2

France GUE/NGL

Abstain (1)

3

Czechia GUE/NGL

2
icon: ALDE ALDE
53

Sweden ALDE

Against (1)

3

Austria ALDE

For (1)

1

Estonia ALDE

3

Luxembourg ALDE

For (1)

1

Portugal ALDE

1

Germany ALDE

2

Ireland ALDE

For (1)

1

Finland ALDE

Against (1)

3

Lithuania ALDE

1

Denmark ALDE

2

Croatia ALDE

2

Slovenia ALDE

For (1)

1

Latvia ALDE

1

Romania ALDE

For (1)

Against (1)

2

Czechia ALDE

For (1)

4

United Kingdom ALDE

1
icon: NI NI
15

Germany NI

2

Hungary NI

2

France NI

2

United Kingdom NI

Against (2)

2

Poland NI

2
icon: EFDD EFDD
34

Sweden EFDD

2

Lithuania EFDD

Against (1)

1

Czechia EFDD

Against (1)

1

Poland EFDD

1
icon: ENF ENF
30

Austria ENF

Abstain (1)

4

Belgium ENF

Against (1)

1

Netherlands ENF

4

Romania ENF

Against (1)

1

Poland ENF

Against (1)

1
icon: ECR ECR
56

Italy ECR

Against (1)

1

Bulgaria ECR

1

Greece ECR

For (1)

1

Belgium ECR

3

Finland ECR

2

Lithuania ECR

Against (1)

1

Denmark ECR

3

Netherlands ECR

Against (1)

1

Croatia ECR

Against (1)

1

Romania ECR

Against (1)

1

Czechia ECR

2
icon: PPE PPE
181

Greece PPE

2

Sweden PPE

For (1)

3

Belgium PPE

For (1)

4

Luxembourg PPE

For (1)

Against (1)

Abstain (1)

3

Cyprus PPE

Against (1)

1

Finland PPE

2

Lithuania PPE

2

Denmark PPE

Against (1)

1
4

Latvia PPE

Abstain (1)

4
AmendmentsDossier
1931 2017/0003(COD)
2017/06/28 ITRE 324 amendments...
source: 602.723
2017/07/03 IMCO 137 amendments...
source: 604.858
2017/07/10 JURI 428 amendments...