On November 18, the Finnish Presidency of the Council of the European Union released another draft of the ePR. The Presidency intends for the draft to become a basis for adopting a general approach at the meeting of the TTE Council on 3 December 2019 despite some of the Member States’ (including Czech Republic, Poland or Italy) objections.
A brief summary of the main changes introduced by the draft:
The Presidency opted for a permanent solution for the prevention of child abuse imagery in Article 6b, providing a ground for processing data for the preventive purposes and appropriate safeguards to frame such processing.
The Presidency also dealt extensively with the topic of protection of terminal equipment information. In response to the need to clarify the issue of conditional access to websites and the concern of undermining the existing business models, the Presidency developed the text of recital 20 on the genuine choice of the end-user.
As a reply to the concern of delegations about the ePrivacy proposal in the context of machine-to-machine and Internet-of-Things services, the Presidency provided clarification in the recitals. Recital 12 ascertains that the ePrivacy Regulation shall apply to the machine-to-machine electronic communications only when they are carried out via publicly available electronic communications service. Recital 21 now also includes more detailed guidelines on handling the information stored in terminal equipment without the consent of the end-user, listing copious examples of legitimate uses which don’t require consent.
There is also an effort to clarify the scope of the ePrivacy Regulation as to the processing of electronic communications data by end-users or entrusted third parties. It also simplified the concept of third parties and provided an explanation of the term in Recital 19. The Presidency also introduced a change that would allow processing of electronic communications data when necessary to provide electronic communications service.
As for the role of European Data Protection Board in cooperation between various supervisory authorities, the Presidency proposed to include an obligation for the EDPB to consult supervisory authorities before exercising its tasks under the ePrivacy Regulation in Article 19 (5).
The full proposal is available at https://www.politico.eu/wp-content/uploads/2019/11/file.pdf.