On 10 January 2017, the European Commission presented its formal proposals for a new ePrivacy Regulation. These represent an overhaul of privacy rules relating to direct marketing, cookies and similar technologies, and other forms of online monitoring.
The Commission's aim is to have the new Regulation adopted by 25 May 2018. Accordingly, unless the UK Government conducts its Brexit negotiations in under fifteen months (and assuming that Article 50 is triggered as planned by the end of March 2017), this Regulation will have direct effect on the UK.
In this article, we'll take a look at the existing law forming the backdrop against this reform, examine the key features of the new draft Regulation, and offer our take on the likely benefits and challenges of the new regime.
At EU level, the Regulation will repeal the Privacy and E-Communications Directive 2003 (the "PECD"). Nationally, the Regulation will repeal the Privacy and Electronic Communications (EC Directive) Regulations 2003 (the "PECR").
The PECR provides a body of rules on marketing calls, emails, texts and faxes, cookies, security of communications and customer privacy in respect of metadata. Under the existing law, a range of enforcement powers exist to ensure compliance, including criminal prosecution, and a fine of up to £500,000.
Purpose of the Regulation
Electronic communication services have evolved significantly over the past decade, with consumers and businesses relying more and more on communication via internet based services. However, existing laws have not kept pace and do not reflect current commercial practices. Most significantly, they fail to cover many key internet based services which have risen to prominence over the last ten years, for example, so called Over-The-Top ("OTT") communication services, such as Skype, Gmail and WhatsApp.
Against this backdrop, the Commission has introduced the draft Regulation to reinforce trust and security in the Digital Single Market. Crucially, the draft Regulation also seeks to align the rules for electronic communication services with the standards set in the General Data Protection Regulations ("GDPR").
Relationship with GDPR
It is important to note that the draft e-Privacy Regulation is being published in the wake of the GDPR, the EU's new framework for data protection law, due to come into force on 25 May 2018. If you would like to find out more about the GDPR and the impact it may have on your business, please click here...