The Romanian presidency of the Council has recently released new amendment to the proposal of the ePrivacy regulation (ePR). At this stage, the modifications concern mostly the body of the regulation, but a few recitals have been changed on the basis of the discussions during the WP TELE's meetings on 7 February and 26 February.
Since the ePR complements the GDPR, the Romanian presidency emphasises the cooperation between respective supervisory authorities. Therefore, Article 18 now specifies that supervisory authorities under the ePR shall cooperate and with the authorities responsible for monitoring the application of the GDPR, as well as with other relevant authorities if necessary. In particular, as far as processing of personal electronic communication data is concerned, the competent data protection authority shall also be responsible for the ePR enforcement. The scope of supervisory authorities' powers has been broadened. Supervisory authorities should get investigative and corrective powers, which aligns with the GDPR regime. These modifications have also been reflected in Recital 36.
Article 19 should now clarify the role of the European Data Protection Board which shall be authorized to issue guidelines, recommendations and best practices in order to facilitate the above-mentioned cooperation and promote the exchange of relevant experience and knowledge, which should be also enhanced by the maintenance of the publicly accessible electronic register of decisions of supervisory authorities. It has also been proposed to extend EDPB’s power to monitor and ensure the correct application of ePR in the cases stipulated in Articles 64 and 65 of the GDPR (opinion and dispute resolution by the Board), without prejudice to the tasks of national supervisory authorities.
Restrictions of the ePR applicability to be adopted by the Member States or the EU (Article 11) have also been modified. The new proposal should promote an obligation of the providers of electronic communication services to retain electronic communications data to safeguard one or more of the general public interests, for a limited period more extended than the one outlined in Article 7 (storage and erasure of electronic communications data). Related changes have been reflected in Recital 26.
Article 21 is proposed to be modified to provide explicitly listed possible remedies to the end-users. They are in line with the GDPR remedies – the right to an effective judicial remedy, the right to lodge a complaint with supervisory authority and the right to an effective judicial remedy against a decision of supervisory authority.
Last but not least, some changes were made for consistency within the text of the proposal or with other European acts (e.g. European Communication Code), in particular the definition of 'processing' referred to in Article 4(2) of the GDPR shall not be limited to processing of personal data (Art. 4 of the proposal).