we reported that the European Commission had opened a public consultation seeking the views of various
stakeholders on the current wording of, and possible changes to,
the Privacy and Electronic Communications Directive (2002/58/EC as
amended) ("ePrivacy Directive"). The retrospective
evaluation was necessary to ensure the ePrivacy Directive is fit
for the digital age, and remains valuable and effective once the
General Data Protection Regulation (2016/679) ("GDPR") is
introduced. The Information Commissioner's Office
("ICO") published its response to the consultation, outlining its
view that the ePrivacy Directive has achieved its objectives to a
"moderate" degree, and providing feedback on a range of
specific points. The response revealed the following ICO
Having specific rules for the
electronic communications sector for the confidentiality of
communications, unsolicited electronic marketing communications,
itemised billing invoices, and presentation and restriction of
calling and connected lines, adds value.
Having specific rules for the
electronic communications sector for personal data breaches and
traffic and location data will not add value, as these areas will
be dealt with by the GDPR.
The definitions contained in the
ePrivacy Directive often lacked clarity.
The scope of the ePrivacy Directive
should be broadened, in part, to include Over-The-Top services,
such as Voice over IP, instant messaging, and emailing over social
networks, but only if accompanied by a clear definition of such
Strong protections for
individuals' privacy rights (such as requiring manufacturers to
ship products with strong privacy settings as the default) should
be introduced with great care, and should be balanced with the
legitimate interests of business so as not to stifle
A requirement to obtain opt-in
consent should be applied to all instances of direct marketing on
the basis that one consistent rule is "simpler to understand
and to enforce". The ICO does, however, recognise the
inevitable challenges that occur with this approach. Amending the
provisions on confidentiality of communications and of the terminal
equipment, unsolicited communications, and governance (competent
national authorities, cooperation, fines, etc.), were highlighted
as priorities when revising the ePrivacy Directive.
confirmed that EU data protection laws will still be relevant
after the UK's withdrawal from the European Union, validating
its contribution to the ePrivacy Directive consultation.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).