THE EPRIVACY REGULATION AND HOW IT MAY AFFECT YOUR BUSINESS
The proposed EU Regulation on Privacy and Electronic Communications (the “Regulation”) will replace the 2002 e-Privacy Directive (the “Directive”) and each member state’s national implementation thereof. The Regulation was proposed January 2017 by the European Commission with the intention to enter into force at the same time as the GDPR on 25 May 2018. However, due to several delays, the final form of the Regulation has yet to be agreed and it remains to be seen when the Regulation will be fully applicable in the EU.
While the Directive has resulted in uncertainty as to whether over-the-top (“OTT”) services and electronic communications data transmitted in such services fall within the scope of the Directive, the Regulation sets out to cover not only traditional telecommunications services but also services such as Voice over IP, messaging services and web-based e-mail services. Furthermore, electronic communications data transmitted solely between machines via electronic communication networks (for example IoT-devices) are suggested to fall within the scope of the Regulation as well.
Providers of software, who enable electronic communications, are obligated under the Regulation to offer functionality in the software to prevent third parties from storing information on the end user’s terminal equipment and/or processing information already stored on such equipment. Furthermore, during the installation of any software enabling electronic communications, the end user shall be informed about the privacy settings options in the software and be required to configure such settings.
In addition to the abovementioned, the Regulation also prescribes several rules on market communications including an obligation for marketers to not prevent the presentation of the calling line identification or to use a special pre-fix that indicates a marketing call.
Violations of the Regulation will be subject to the liability provisions of the GDPR meaning that a breach of the Regulation may result in an obligation to compensate end users affected by the breach as well as paying administrative fines up to 20,000,000.00 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.
Even if the date of application of the Regulation in uncertain and will occur earliest in 2023, businesses should already now evaluate how they may be affected and start taking preparatory measures in order to ensure a smooth transition from the Directive to the Regulation. If you have questions or would like to know more about the Regulation and how it may affect your business, do not hesitate to contact us.