Menu visibility control

Video

Events

Startup Surgery

Most Recent

News

British robot firm moves production to Madrid to maintain EU base post-Brexit

Investments

AI startup Mogees raises £1m, brings total to £3m

Investments

InsurTech startup Neos lands £5m in Series A round

Press Releases

Zzish hits £1.15m funding target on Crowdcube for technology that will democratise quality education and move the needle on learning
Okappy announces the launch of its investment pitch on the AngelsDen equity crowdfunding platform
Recruitment disruptor talent.io poised for further growth with €8m investment secured

What the proposed revision of the EU ePrivacy Directive means for UK tech firms

regulation
twitterlinkedinFacebookgoogle_plustwitterlinkedinFacebookgoogle_plus

Earlier this month, the European Commission published a proposal for regulation that seeks to revise the current EU ePrivacy Directive.

The 35-page proposal is the result of a review of Directive 2002/58/EC (the ePrivacy Directive) called for under the Digital Single Market Strategy. The aim is to ensure users of electronic communications services receive a high level of privacy protection.

Consent

Jocelyn Paulley, director at international law firm Gowling WLG, said one of the key takeaways from the proposed revision to the ePrivacy Directive is that it demands companies get user consent before accessing any electronic communications content (or metadata related to this) or information on a user’s device. There would be limited exemptions for billing and performing services requested by the user, though.

Tech Nation: UK tech tops European investment tables raising £6.8bn in 2016

“This is justified by the European Commission’s research showing that the vast majority of people view this data as confidential,” Paulley added.

Another key takeaway from the proposal is that rules about marketing consents would stay the same. Companies would also still have to gain consent for the use of any privacy-intrusive cookies.

Consent would not be required, however, for non-privacy intrusive cookies, such as those used for anonymous analytics. Also, website operators could point users to setting cookie controls in their browser, rather than the operator having to create their own controls within the website.

Similarities with GDPR

The revision is designed to ensure consistency between the ePrivacy Directive and the General Data Protection Regulation (GDPR), which will be introduced in May 2018.

The new proposed ePrivacy regulation is a separate to the GDPR, but there are a number of parallels between the two.

“The main concern that they [both pieces of regulation] wish to address is transparency to consumers and protecting consumers from uses of their data of which they are not aware,” Paulley said.

jocelyn-paulley

Jocelyn Paulley, Gowling WLG

Both GDPR and the ePrivacy update proposal are designed to harmonise the various data protection laws that exist across the EU.

They are also both ‘regulations’ (not ‘directives’), so they will automatically apply to all EU member states without the need for governments to implement national legislation.

The fines levied for breaking the regulation would be at the same levels as those collected for breaches of the GDPR, plus, the same UK regulator – the Information Commissioner’s Office – would be used for both.

As for when the proposed regulation would be applied, Paulley said: “The European Commission wants this to be law by May 2018 to coincide with the end of the implementation period for GDPR.”

Post Brexit

But will either of the regulations actually apply to the UK once Brexit is implemented and the UK leaves the European Union? For a start, companies outside the EU that provide electronic communications services to EU citizens would be subject to both sets of regulation.

In addition, Paulley said: “The government’s current plan is that the very misleadingly named Great Repeal Bill will convert all European laws into English law, so that all European laws will be law in the UK on the date that the UK leaves Europe.”

The British government will then have the option to revoke or amend this new legislation, but Paulley believes that, as with other laws related to privacy and the internet, “there are strong arguments to maintain harmony with the European approach to simplify the cost of compliance for businesses and unlock the €145bn e-commerce market”.

Enter your email address to receive updates straight to your inbox

* indicates required
Send me news on...
twitterlinkedinFacebookgoogle_plustwitterlinkedinFacebookgoogle_plus

Editor's picks

British robot firm moves production to Madrid to maintain EU base post-Brexit
posted 5 hours ago

AI startup Mogees raises £1m, brings total to £3m
posted 7 hours ago

smart home

InsurTech startup Neos lands £5m in Series A round
posted 11 hours ago

Bath-based wedding planning app Prezola raises £3m
posted 12 hours ago

ThingTrax

EXCLUSIVE: IoT startup ThingTrax gets over £250,000 in Seed funding
posted 15 hours ago

Amber Rudd

UK govt reportedly planning to ban encryption following Manchester attack
posted on May 24, 2017