ARTICLE
7 November 2024

EDPB Provides Insight For Use Of Tracking Tools

SM
Sheppard, Mullin, Richter & Hampton LLP

Contributor

Sheppard, Mullin, Richter & Hampton LLP logo
Businesses turn to Sheppard to deliver sophisticated counsel to help clients move ahead. With more than 1,200 lawyers located in 16 offices worldwide, our client-centered approach is grounded in nearly a century of building enduring relationships on trust and collaboration. Our broad and diversified practices serve global clients—from startups to Fortune 500 companies—at every stage of the business cycle, including high-stakes litigation, complex transactions, sophisticated financings and regulatory issues. With leading edge technologies and innovation behind our team, we pride ourselves on being a strategic partner to our clients.
Explore Firm Details
The EDPB released guidance last month to help companies understand their obligations when using newer tracking tools. These include pixels, URL tracking, IP-tracking, and the like.
European Union Privacy
Liisa M. Thomas
Your Author LinkedIn Connections
Sheppard, Mullin, Richter & Hampton LLP are most popular:
  • within Cannabis & Hemp topic(s)
  • in Asia

The EDPB released guidance last month to help companies understand their obligations when using newer tracking tools. These include pixels, URL tracking, IP-tracking, and the like. First, some background: an EU law that predates GDPR (Directive 2002/58/EC or the Cookie Directive), impacted how companies could interact with users on their computers. That directive was updated in 2009 (Directive 2009/136/EC or the ePrivacy Directive). Under the ePrivacy Directive, among other things, companies cannot "store" or "access" someone's "terminal equipment" without consent. (There are some exceptions to the consent requirement.) In this recent guidance, the EDPB provided direction on when and whether passive tracking technologies were storing or accessing information on a users' computer (or other device) such that the ePrivacy Directive requirements would apply.

In the guide, the EDPB reminded companies that the ePrivacy Directive requirements apply when the technology collects any information (not just personal information). Additionally, that in-scope equipment can be that owned or simply used by an individual. The equipment may also not be a computer, but could be a connected (IoT) device. And, that "access" can occur through technologies that place software on someone's computer (APIs, JavaScript) or instructing protocols (SDKs, tracking pixels). Finally, that "storage" might be temporary, but will still be in scope for the ePrivacy Directive.

With these in mind, the EDPB outlined what it viewed as newer technologies that are in-scope for the ePrivacy Directive. This updates the list from the 2014 Working Party guidance (which included digital fingerprinting). The list provided in this new guidance included tracking pixels, when they are sent to the user's computer and then return to the sender with specific information. It also included IP-only tracking, if the IP address "originates from the" user's computer. The list the EDPB provided was not exhaustive, it stressed.

Putting It Into Practice: This guide is a reminder that new technologies can be viewed as in-scope for older laws. While this guidance is helpful, it does not outline the times when there might be an exception to the consent requirement. Something that the EDPB specifically called out. Privacy practitioners reviewing proposed tracking tools may find helpful the way that the EDPB analyzed these tools to determine whether or not the ePrivacy Directive would be viewed as applying.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Liisa M. Thomas
Liisa M. Thomas
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More