Out-Law News | 03 Dec 2019 | 9:25 am | 3 min. read
The e-Privacy reforms cannot be finalised until the Council of Ministers and the European Parliament agree on the wording and formally vote to approve the new legislation. MEPs set their negotiating position on the Regulation in October 2017, but trilogue talks between the Parliament, Council and European Commission to finalise the text cannot commence until the Council agrees its position.
A progress report published by the Council's Permanent Representatives Committee (Coreper) on 27 November revealed that there is insufficient support across the national governments of EU countries for the approach proposed by Finland for taking forward the reforms since it assumed the presidency of the Council in July.
The Council's transport, telecommunications and energy group is set to discuss the progress report at a meeting today, 3 December.
Voznick, who was on the drafting team for the Commission's original proposals for a new e-Privacy Regulation, which were published in January 2017, said: "The purpose of seeking a new EU regulation on e-privacy, as opposed to an EU directive like we currently have, was to better harmonise privacy laws across member states. A regulation is directly applicable across the EU while a directive has to be implemented into national law, providing greater scope for divergence."
"The Commission was successful in delivering the General Data Protection Regulation (GDPR), which more closely standardises data protection laws in the EU, but without a more harmonised approach to privacy in electronic communications, businesses operating across the EU will continue to face a real compliance challenge. Ultimately, this serves as a barrier to cross-border trade and the operation of a true digital single market," she said.
The latest progress report has indicated that further differences remain on issues such as rules around the processing of electronic communications data for the purposes of prevention of child abuse imagery and for preventing other serious crimes, in particular terrorism. The way in which national supervisory authorities and the European Data Protection Board would cooperate on cross-border cases has also still to be bottomed out at the Council.
Voznick said that the delay in the reforms has real implications for businesses engaging in direct marketing via electronic communications.
"There are major differences currently in the way EU countries approach the regulation of electronic marketing," Voznick said. "In some countries, for instance, responsibility for regulation lies with consumer protection regulators, while telecoms regulators have that duty in others. Data protection authorities are responsible for monitoring compliance in other member states. In addition, some of the regulators have powers to fine organisations for breaches, while others do not, while the restrictions that national rules place on e-marketing vary too from country to country."
"A new e-Privacy Regulation would harmonise the rules and regulatory framework and make it easier for businesses to carry out direct marketing via digital channels across the EU single market than is the case now," she said.
The current e-Privacy Directive sets out strict rules designed to curb unwanted nuisance marketing calls, spam text messages or emails.
Businesses using automated call systems, fax or email to conduct direct marketing activities are prohibited from doing so except where they have the prior consent from prospective recipients of those communications.
In the case of email, the Directive does permit businesses' direct marketing of products or services to consumers who bought, or negotiated for the purchase of, similar ones from them where they have obtained their email address in the course of that earlier sale or negotiation, although consumers retain the right to opt out from receiving such promotions.
Under the framework, organisations are generally prohibited from sending all other unsolicited direct marketing communications to consumers without their consent. However, for those communications, EU countries have the choice of imposing an opt-in or opt-out consent requirement.