Brussels, BE – Today, the EU Commission published its proposal for an e-Privacy Regulation and two Communications; on the data economy and on data transfers. With these proposals, the Commission plans to tackle issues from confidentiality of communications, “data localisation”, “non-personal data”, international data transfers, and more.
“In its current form, the package of proposals does not meet human rights standards for privacy and data protection, undermines the achievements of the GDPR, and jeopardises legal certainty”, said Fanny Hidvegi, European Policy Manager at Access Now.
The e-Privacy Regulation
Access Now welcomes the introduction of a proposal to review the e-Privacy Directive, which aims to protect users’ right to privacy online and confidentiality of communications. We support the Commission’s decision to turn the directive into a regulation to ensure harmonisation and guarantee the same level of protection of user rights across the EU. Unfortunately, a significant number of loopholes were introduced to the text published today compared to the December draft, which is a reflection of the intense lobbying conducted by the industry to water down the law. For instance, the provision enabling users to mandate NGOs or consumer organisations to bring claims on their behalf has been removed in the final text.
“This is a rather bittersweet start for the reform of the e-Privacy rules but we are committed to work with the legislators to improve the proposal and make the law fit for purpose”, said Estelle Massé, Policy Analyst at Access Now. “Recent Eurobarometer surveys and consultations have demonstrated that users want more protection for their online privacy, now it’s time for the legislators to deliver”.
Communication on Data Transfers
Today’s Communication is an illustration of how trade negotiations, rather than data protection, have driven the discussions on data transfer agreements. Several of the countries mentioned in the Communication are either in talks for, or have recently concluded, free trade agreements with the EU. The exchange of data was often a core issue during their negotiations. Despite this, the Commission continues to reaffirm its commitment not to negotiate data protection and privacy within the context of trade agreements, which we wholeheartedly support.
“International transfers of personal data are key for businesses all around the world. The fundamental rights to privacy and data protection, however, override the business interest. The Commission must make changes to its approach to respect this principle,” added Fanny Hidvegi.
The package also includes proposals for data transfer and adequacy arrangements for the law enforcement sector. “The EU Commission is planning to use the EU-US Umbrella Agreement, which is an agreement that fails to comply with EU primary law as a basis for negotiating future deals. It does not provide adequate remedies, independent oversight and is mischaracterized as a tool to tackle mass surveillance. This is simply unacceptable”, added Hidvegi.
Communication on the Data Economy
It is difficult to understand what problems the Commission is trying to tackle in its Communication on “building a European Data Economy”. The document is filled with vague and undefined concepts, contains several contradictions and is touching on a patchwork of issues including “data localisation”, non-personal data and liability for Internet of Things products and services.
We look forward to the Commission’s transparent and updated reports on these discussions with member states. The issues at stake need to be explicitly clarified and public consultations should be conducted to delineate future approaches towards these complex topics.
For more information, please see:
- The EU’s e-Privacy directive: more than just a ‘cookie law’
- Access Now position paper on the e-Privacy Review
- The Umbrella Agreement just isn’t good enough to protect our rights
European Policy Manager – [email protected]
Senior Policy Manager – [email protected]