On 4 February 2019, the Romanian Presidency published a paper on a possible compromise to the outstanding issues with the ePR in preparation of the WP TELE meeting on 7 February 2019, (The Paper). The Paper should address the outstanding issues arising from the last ePR proposal of October 19, 2018.
The impact of ePR on new technologies in situations of multiple-end users and the question of consent
The Paper proposes to address the potential difficulties concerning the scope of application of the ePR on new technologies such as M2M (Machine-to-Machine), IoT (Internet of Things) or AI (Artificial Intelligence). According to the Paper, these should be addressed in the recitals by setting out that the ePR applies to all communications networks that provide access to a non-predefined group of end-users, irrespective of whether the service providers are ancillary to other services or not. Electronic communications data circulating within closed groups of end-users, such as corporate networks, or within home WIFI networks should not be subject to the ePR. On the other hand, once the electronic communications data exist these so-called closed networks, the ePR should take full effect (including on M2M, IoT and personal/home assistance data). In this regard, the ePR’s provisions regarding the protection of end-users’ terminal equipment information are also applicable when the terminal equipment is connected to the home WIFI network.
Addressing the issue of “consent-fatigue”, the Presidency Paper proposes implementing transparent and user-friendly settings in the electronic communications software in a manner that would allow end-users to grant consent to one or more providers for one or more purposes. In this regard, the Paper comes back to the original solution, where end-users could give their consent by appropriate settings of their software instead of repetitive clicking on every website.
Additionally, the Paper stresses that end-users' consent should be sought only in cases where the data are used for other purposes than for what is necessary to carry out the transmission of electronic communication or the provision of information society service.
Child protection (Detection of child pornography)
The Paper proposes that detection and deletion of child pornography be stipulated as another exemption for permitted processing of electronic communications data.
According to the Paper, such data processing should not analyse the actual communications content while appropriate safeguards should be introduced by the controller/processor carrying out the analysis (including, but not limited to, DPIA according to Art. 35 GDPR).
Exclusion of national security and defence from the ePR scope of application
National security should be explicitly excluded from the ePR scope ("This Regulation does not apply to activities which fall outside the scope of Union law, such as activities concerning national security and defence;).