Updated ePrivacy Regulation Draft Released

The European Union Council Presidency recently released a revised draft of the ePrivacy Regulation. The original draft, introduced by the European Commission in 2017, focused on outlining data security laws and reinforcing rules regarding the electronic transfer of data. The ePrivacy Regulation pulls many of its fundamental requirements from the EU’s General Data Protection Regulation (GDPR). GDPR has been a major focus in the EU as companies are expected to disclose when and why they are collecting personal data. 

The revised draft of the ePrivacy Regulation also seeks to repeal the Privacy and Electronic Communications Directive (Directive 2002/58/EC) with a heartier approach to the protection of personal data in electronic communications.

Like many regulations, the most recent draft of the ePrivacy Regulation is one of many drafts that have been released as member states seek to reach an agreement.  

This week, the amendments that have been proposed offer major revisions to some of the existing Recitals and modifications to some of the articles. The changes amend even some of the previous proposal, released on February 21, 2020. The focus of the updates this time around is metadata and what constitutes “legitimate interest” to process it and place cookies on the users’ device. The updates align with much of what the GDPR has outlined. 

The following conditions would need to be met to process the data: 

• Conduct data protection impact assessments 
• Consult the relevant supervisory authority body 
• Implement appropriate security measures 
• Provide information to users about data processing activities 
• Provide users with the right to object to the processing of their data 
• Not selling or sharing metadata or data collected through tracking technologies with third parties unless the users’ identity is removed from the data. 

On March 19, the Working Party on Telecommunications and Information Society will meet to further discuss the updated draft and decide on a date that official comments from the Presidency and other delegations will be due.  

How CookiePro Helps

Inform and allow visitors to opt-out of the collection of their personal data when they visit your website.

• Scan your website to identify and categorize cookies and tracking technologies on your website
• Display a location-based cookie consent banner that auto-blocks cookies until the visitor opts-in or out of your cookie policy

Generate a dynamic cookie policy that is updated based on Cookiepedia, the largest database of cookies.

• Automatically generate a detailed list of cookies, categories, and descriptions in dynamic Cookie List based on your latest website scan.
• Once the disclosure is embedded on your website, you can easily update the content from the CookiePro interface at any time.

Intake and fulfill data subject requests for personal information access requests:

• Build a GDPR-specific request intake web form linked directly from your company’s website
• Centralize all subject access requests into a single queue
• Define an automated triage workflow for fulfilling requests