EUROPEAN DATA PROTECTION BOARD (May 2018)
EDPB calls for the adoption of e-privacy regulation as rapidly as possible to ensure end-users´ confidentiality of communications is protected as for example Over-the-Top services are not currently covered under the effective directive. In its opinion statement it gives further advices and clarifications. It fully supports the approach of the Regulation based on broad prohibition, narrow exceptions and the use of consent.
EDPB also fully supports the Regulation's approach to confidentiality of electronic communications and also emphasises that electronic communication metadata can still be processed without consent if genuinely anonymised. However, it supports strengthening the article 10 which was deleted in the first set of amendments.
See full document here: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_statement_on_eprivacy_en.pdf
EUROPEAN DATA PROTECTION SUPERVISOR (April 2017)
On one hand, EDPS welcomes the usage of a regulation instead of directive aiming at achieving consistent level of protection among member states. On the other hand, in its Opinion on Proposal of ePR it includes further recommendations and issues to be discussed.
Firstly, EDPS recommends removing the unnecessary dependencies on the proposal of European electronic communications code because the proposed directive aims to protect economic values in contrast to the ePR which is mostly protective of fundamental rights.
Secondly, EDPS recommends strengthening the provisions on end-user consent as they are the individuals who are actually using the system.
Moreover, EDPS also emphasises that the relationship between GDPR and ePR must not leave loopholes for protection of personal data.
EDPS lacks in the ePR further provisions on the issue of tracking walls. It states that it is crucial that users would be able to use a service without being tracked (especially by third parties) and therefore recommends complete ban on “tracking walls” in the regulation.
As GDPR sets privacy by default, EDPS thinks the same level should be provided by the ePR as well. Therefore browsers (and other software placed on the market permitting electronic communications) should be set to prevent digital tracking.
EDPS is also concerned about the margin of appreciation accorded to the Member states to introduce restrictions and it emphasises that such measures should be given specific safeguards, such as prior judicial authorisation.
See full document here: https://edps.europa.eu/sites/edp/files/publication/17-04-24_eprivacy_en.pdf
ART. 29 WORKING PARTY (April 2017)
Art. 29 WP generally welcomes the ePR proposal, mainly for its form of a regulation rather than directive and for being complementary legal instrument to the GDPR. It also welcomes the expansion of the scope in comparison to the directive in effect. It supports the used approach of broad prohibitions and narrow exemptions. However, there are four main issues the WP is concerned about.
First concern is regarding the tracking of the location of terminal equipment, the WP believes the obligations in the Regulation for the tracking of the location of terminal equipment should comply with the GDPR-requirements.
Secondly, the WP is concerned with the conditions under which the analysis of content and metadata is allowed as in the first proposal there are different levels of protection accorded to metadata and content and WP believes they should be given same level of protection.
Thirdly, privacy should be accorded by default as guaranteed in the GDPR.
Lastly, according to the WP, ePR should explicitly prohibit tracking walls and accessing content on website should not be conditional.
WP concludes its Opinion with a demand aimed at the proposed regulation to fulfil its promise and provide equal or higher level of protection than the GDPR.
See full document here: http://ec.europa.eu/newsroom/document.cfm?doc_id=44103
CENTRE FOR INFORMATION POLICY LEADERSHIP (September 2017)
The CIPL has serious concerns mainly regarding Chapter II of the proposal and in its commentary it specifies 10 main issues which CIPL things should be discussed more before the adoption of the ePR.
Firstly, CIPL believes the scope of the proposal should be limited as it is too wide and it consequently undermines article 6 of the GDPR. Also, the usage of definitions of the non- adopted proposal of European Electronic Communication Code brings uncertainty and ambiguity.
Secondly, the CIPL addresses the content. In its opinion content required by the proposal is often not meaningful and rather counterproductive and also the exceptions to consent are too narrow.
Thirdly, the CIPS states that the concept of legitimate interest must be included as a ground for processing in articles 6 and 8. They believe legitimate interest might be more protective of one's right and also more future-proof. To make the ePR even more future-proof, CIPL calls for more flexibility. CIPL suggest a code of conduct as a good instrument for flexibility.
Lastly, CIPL recommends postponing the adoption as well as the date of effectiveness of the ePR.