Privacy & Cybersecurity Law Blog

On December 12, 2016, Politico reported that the European Commission intends to replace the e-Privacy Directive with a Regulation. The planned shift from a Directive to a Regulation has important legal consequences under EU law, as it means that instead of creating a floor upon which EU Member States may base the creation of their own versions of the law, a Regulation will create a harmonized set of requirements at the EU level that are directly applicable in the Member States.

The e-Privacy Directive was enacted in 2002 and designed to protect the right to privacy and confidentiality of users of electronic communication services, such as Internet service and broadband providers. Since its enactment (and subsequent amendment in 2009), the communications industry has evolved significantly, with an explosion in the availability and usage of so-called “over-the-top” communications services that provide their services via Internet-based applications. The European Commission’s new draft Regulation, which was leaked to Politico, intends to include within its scope these “over-the-top” service providers, such as Skype and WhatsApp, that were not previously regulated under the e-Privacy Directive. The draft Regulation also addresses access to electronic communication services by government agencies for surveillance and monitoring purposes.

The draft Regulation is intended to complement the EU GDPR, and contains a number of provisions that mirror those of the GDPR. Consent under the Regulation will, for example, be based on the requirements for consent under the GDPR.

Politico reports that the draft was last amended on November 28, 2016, and is expected to be formally published on January 11, 2017.