On 11 April 2016, the European Commission consulted on Directive 2002/58/EC on privacy and electronic communications (the “ePrivacy Directive”), seeking input from a wide range of businesses, organizations and individuals on the effectiveness of the ePrivacy Directive and their views for its revision. The European Commission’s review is a key element of its Digital Single Market Strategy, which aims to reinforce trust and security in digital services in the EU.
The European Commission released the results of this consultation on 19 December 2016. The consultation received 421 replies from stakeholders in all Member States and outside the EU, which included 162 replies from citizens; 186 contributions from industry actors; 40 public authorities, including competent authorities which enforce the ePrivacy Directive at national level; 33 contributions from civil society associations. The largest number of respondents came from Germany (25.9%), UK (14.3%), Belgium (10%) and France (7.1%).
The key points arising from the consultation are as follows:
- Most citizens, consumer and civil society organisations responding to the consultation consider it relevant to have specific ePrivacy rules for the electronic communications sector on confidentiality (83.4%), traffic and location data (73%), unsolicited commercial communications (78%) and notification of personal data breaches (72.8%). The reasons given for these views include the need to protect the personal data of consumers and the belief that consumers should be in control of their own data. However, most industry respondents (63%) opposed such specific regulations.
- Most citizens, consumer and civil society organizations (76.2%) consider that the ePrivacy Directive has been thus far largely ineffective in achieving its objective of ensuring the full protection of privacy and confidentiality of communications across the EU. Reasons given for this view include limited or inadequate application of the ePrivacy Directive (as over-the-top service providers such as instant messaging and web mail services are excluded and a belief that the rules on cookies are ineffective), the sector-specific nature of the confidentiality obligation, and the diversity in understanding and enforcement of the ePrivacy Directive between member states. However, a majority of industry respondents (57%) thought that the Directive has achieved its objectives in this area.
- The scope of the rules on over-the-top service providers was noted as a priority for revision. Most citizens (76%), some consumer and civil society organizations, and most public authorities (93%) believe the rules should (in part) be broadened, whereas 42% of industry respondents opposed expansion of the scope.
The results of the consultation (which can be downloaded here), along with the results of the Eurobarometer on ePrivacy conducted by the European Commission (a survey to assess the general opinions of citizens across the EU in relation to key issues that are part of online privacy), will feed into a review of the ePrivacy Directive. This will be published by the European Commission at the beginning of 2017.