easyGDPR

We make implementing General Data Protection Regulation Easy

by

After four years of negotiations, the EU-Council reached a common position in February 2021. The regulation is now in a trilogue with the Council, the Commission and Parliament.
The e-Privacy Regulation applies to all interpersonal communication services — including chat systems such as WhatsApp, Skype, etc. on the website. It governs the provision of communication services, the processing of communication data and the setting of browser cookies in the EU.

Prohibition principle (Article 5) and permits (Article 6f):

  • Content data & metadata may be processed (Article 6 (1)).
    • necessity to provide a communication service.
    • to maintain security and for fault detection
    • to detect / prevent security risks or prohibit attacks against end-user ressources.
    • comply with a legal obligation to protect public security.
  • Metadata can be processed (art 6b, paragraph 1).
  • upon consent of the end user (revocability reminder every 12 months, unless end-user refuses reminder; Article 4a paragraph 3).
  • to provide an electronic communications service for which the end-user has entered into a contract.
  • to protect the vital interests of a natural person.
  • NO longer in the case of the Operator’s overriding legitimate interests.

This applies to cookies or other information stored on end devices.

  • Theprinciple of prohibition (Article 8 (1)) applies to.
    • any non-self-use by the end-user of the processing and storage functions of terminal equipment.
    • any collection of information from the end-users equipment, including through their soft- or hardware.
  • It ispermitted (Art. 8 (1) (a) to (f) when:
    • necessary to offer an electronic communication process.
    • End User Consent is given — Browser settings are sufficient (Article 4a (2)).
    • necessary for the provision of a service requested by the end user (“good cookies”).
    • is necessary for the measurement of the web audience, provided that website operators or processors (or collectively responsible) carry out measurement.
    • necessary to locate callers of an emergency call.
    • NO LONGER necessary for the overriding legitimate interests of the operator.
    • Necessary for the safety of the service or device.
  • collection of of IP addresses (Article 8 (2)) is permitted when:
    • (“Information emitted by a user’s device in order to connect to other equipment or to network”).
    • necessary for making or maintaining the connection
    • End User Consent
    • Statistical counting
    • necessary for the provision of a service requested by the end user
    • Unsolicited communication
  • Direct marketing via electronic communications services to natural persons is permitted if:
    • Only with prior consent (opt-in; Art. 16 paragraph 1).
      • Exception: existing business relationship (opt-out; Art. 16 (2)).
  • personal direct mail call to individuals.
    • Member States may introduce opt-out options (Art. 16 (4)).
  • unsolicited communication to legal entities.
    • Member States shall ensure adequate protection of legitimate interests (Article 16 (5)).

We can therefore continue to look forward to what will ultimately happen to each individual entrepreneur. However, if you have any questions regarding the implementation or documentation of the e-Privacy Regulation, please contact Schindler IT-Solutions GmbH. .