What Is In MEP Lauristin’s Report on ePrivacy?

FEDMA Article – Earlier in June, MEP Lauristin published her draft report. While Lauristin has made an effort to keep the technology neutral aspects of the text, she has strengthened many of the already very restrictive provisions of the text.

She does not hide that in her view, the ePrivacy may go above the requirement of the GDPR in order to provide additional and complementary safeguards, providing additional protection for the confidentiality of communications (AM 4). She also clarifies that whenever the ePrivacy Regulation requires consent, such consent cannot be the basis of further processing as defined in the GDPR. If a controller wants to further process personal data, a new consent would have to be collected (AM 13).

Her amendments on the definition of Direct Marketing are likely to broaden substantially the scope of the definition. This suggestion risks having many edvertising activites, such as OBA, define as direct marketing, and fall under the article 16 opt-in obligations. She also extends the extraterritoriality provision by clarifying that a person sending direct marketing commercial communications or collecting (other) information related to or stored in the end-user’s terminal equipment, which is not established in the Union shall designate in writing a representative in the Union (AM 43).

Specifically, on telemarketing, she strengthens the transparency provision, by requiring marketer to not just disclose an identity of a line on which the marketer can be contacted, but also that unsolicited marketing communications shall be clearly recognisable as such and shall indicate the identity of the legal or natural person transmitting the communication or on behalf of whom the communication is transmitted. Additionally, Lauristin, wants to make mandatory the use of a common prefix number to identify telemarketing calls. She also clarified, what was only implied in the Commission proposal, that telecom operators should provide the possibilities for user to block incoming calls from specific numbers, or numbers having a specific code or prefix identifying the fact that the call is a marketing call.

With regard to cookies and tracking in general, Lauristin further broaden the general prohibition rules, and limit the number of exceptions under which tracking can take place. The processing must be strictly technically necessary either for the transmission of the communication or for the provision of an information society service requested by the user. With regard to web analytics, Lauristin propose that processing technically necessary can be carried out either by the information society service provider requested by the user, or by a third party on behalf of the provider, or by an independent web analytics agency acting in the public interest or for scientific purpose. However, she clarifies that such web analytics can only be done provided that no personal data is made accessible to any other party and that such web audience measurement does not adversely affect the fundamental rights of the user. She also confirm that, in her view, the user’s consent should not be a condition for accessing a website.

Lauristin clarifies that consent can be given using technical specification, which shall be binding and enforceable. She clarifies software enabling access to the internet have to provides settings for user to express consent. And encourages browser to offer granularity of choice. This proposal is a way to give Do Not Track some sort of legal recognition.

MEPs had the opportunity to propose further amendments until the 10th of July, and over 820 amendments have been received in the LIBE committee. They will be discussed after the summer break.