After 4 years of negotiations, the EU Council found a common position in February 2021. Now the regulation is in trilogue with Council, Commission and Parliament.
The e-Privacy Regulation applies to all interpersonal communication services – including chat systems such as WhatsApp, Skype, and, if applicable, Skype. Chat function on the website. It regulates the provision of communications services, the processing of communications data and the setting of browser cookies in the EU.
Prohibition principle (Article 5) and permits (Article 6f):
- Content data & metadata may be processed (Art 6 Abs1)
- necessity to provide a communication service.
- to maintain security and for fault detection
- to detect / prevent security risks or prohibit attacks against end-user ressources.
- comply with a legal obligation to protect public security.
- Metadata can be processed (art 6b, paragraph 1).
- upon consent of the end user (revocability reminder every 12 months, unless end-user refuses reminder; Article 4a paragraph 3).
- to provide an electronic communications service for which the end-user has entered into a contract.
- to protect the vital interests of a natural person.
- NO longer in the case of the Operator’s overriding legitimate interests.
This applies to cookies or other information stored on end devices.
- Prohibition principle (Art 8 Abs1) applies to
- any non-self-use by the end-user of the processing and storage functions of terminal equipment.
- any collection of information from the end-users equipment, including through their soft- or hardware.
- The following are permissible (Art. 8 (1) (a) to (f ))
- necessary to offer an electronic communication process.
- End User Consent is given — Browser settings are sufficient (Article 4a (2)).
- necessary for the provision of a service requested by the end user (“good cookies”).
- is necessary for the measurement of the web audience, provided that website operators or processors (or collectively responsible) carry out measurement.
- necessary to locate callers of an emergency call.
- NO LONGER necessary for the overriding legitimate interests of the operator.
- Necessary for the safety of the service or device.
- Specific permissions for the collection of IP addresses (Art. 8(2) ) are as follows
- (“Information emitted by a user’s device in order to connect to other equipment or to network”).
- necessary for making or maintaining the connection
- End User Consent
- Statistical counting
- necessary for the provision of a service requested by the end user
- Unsolicited communication
- Direct mailings via electronic communication services to natural persons are permitted:
- Only with prior consent (opt-in; Art. 16 paragraph 1).
- Exception: existing business relationship (opt-out; Art. 16 (2)).
- Only with prior consent (opt-in; Art. 16 paragraph 1).
- personal direct mail call to natural persons
- Member States may introduce opt-out (Art 16(4))
- unsolicited communication to legal entities
- Member States shall ensure adequate protection of legitimate interests (Article 16 (5)).
So we can continue to be curious about what ultimately awaits each individual entrepreneur. However, if you have any questions regarding the implementation or documentation of the e-Privacy Regulation, please contact Schindler IT-Solutions GmbH.