While the original European Commission’s Proposal for a Regulation concerning the respect for private life and the protection of personal data in electronic communications (e-Privacy Regulation) was already published in January 2017 and the European Parliament’s adopted its Report in October 2017, the Council still needs to adopt its position. Throughout the negotiations, Member States have raised concerns over many different aspects of the proposal, ranging from its scope of application, for instance on consent requirements and the tracking of online activity through cookies, its definitions, its legal basis to its relationship (and overlap) with the General Data Protection Regulation.
In an attempt to build consensus among Member States, the Croatian Presidency of the Council of the EU put forward a compromise text in February 2020. The most important change introduced by the Presidency was the possibility to process electronic communications metadata (article 6b) and to use processing and storage capabilities of terminal equipment and the collection of information from end-users’ terminal (article 8) when it is necessary for the purpose of legitimate interests. This was a positive development that Ecommerce Europe supported, but only partially, because the proposed legal ground was accompanied by several conditions that would have de facto limited the possibility of performing activities such as profiling under this legal ground. In addition, the Croatian Presidency attempted to clarify aspects such as the application to apply to Machine-to-Machine or Internet of Things services (recital 12).
The text from the Croatian Presidency was met with ‘mixed’ reactions from the Member States, in particular regarding the introduction of the legitimate interest ground. However, disagreement also rose over the adjusted and deleted sections and the alignment of the proposal with the GDPR. Countries have also pushed for safeguards to fight child pornography online in internet governance bills like the proposed e-Privacy Regulation. However, the issues of child imagery or data retention have not been discussed under the Croatian Presidency.
Following the outbreak of COVID-19, negotiations had to be stopped. The Croatian Presidency published a progress report on the file on 29 May, in which it stated that it would not restart the work on e-Privacy until the end of its mandate. Therefore, the upcoming German Presidency will take the lead on the file from 1 July. The German Presidency will also have to deal with the fact that some Member States had called on the Commission to come up with a new proposal. Therefore, reaching an agreement on e-Privacy in Council is expected to remain a challenging task.