After four years of talks, EU States reach underwhelming agreement on ePrivacy reform

Brussels, BE — Access Now applauds the Portuguese Presidency and negotiators in the Council of the EU for reaching an agreement on the ePrivacy reform. However, the content hugely misses the mark.

It is encouraging to see that now the Council and European Parliament can move forward with the completion of this long-awaited reform for the protection of privacy and confidentiality of communications. Further delay in the negotiations or failure to find agreement could put an end to this reform.

“After four years of negotiations, it was time for the Council to move forward with this important reform of the ePrivacy Regulation”, said Estelle Massé, Senior Policy Analyst at Access Now.

Access Now does not endorse the content of the text that was agreed today by Council negotiators.

“The reform is supposed to strengthen privacy rights in the EU but the text approved by the Council hugely misses the mark”, added Estelle Massé. “States poked so many holes into the proposal that it now looks like French Gruyère. The text adopted today is below par when compared to the Parliament’s text and previous versions of government positions. We lost forward-looking provisions for the protection of privacy while several surveillance measures have been added”.

Access Now looks forward to the swift start of the trilogue negotiations. As a priority, the institutions should address the following issues:

  • Ensuring the application of fundamental rights to privacy both in commercial and law enforcement contexts and that the Regulation respects and incorporates the CJEU jurisprudence, in particular in the area of data retention and law enforcement activities;
  • Restoring requirements for service providers to protect online users’ privacy by default;
  • Establishing clear rules against online tracking, beyond the use of cookies;
  • Preventing dark patterns, including cookie walls, that would force users into accepting to be monitored online;
  • Rejecting the possibility for companies to “further process” communications metadata or terminal equipment data; and
  • Clarifying that Data Protection Authorities will have the jurisdiction to enforce the ePrivacy Regulation.

See here for more on the ePrivacy reform.