Spark and Time.lex ePrivacy study completed

Spark and Time.lex have now finalised our study on the ePrivacy Directive for DG Connect. The study “ePrivacy Directive: assessment of transposition, effectiveness and compatibility with proposed Data Protection Regulation” began in May 2014 and included the collection and analysis of data relating to the implementation and operation of the ePrivacy Directive in the EU28, as well as recommendations for future actions in this field.

The study highlighted that national provisions on topics such as cookies, traffic and location data or unsolicited communications, adopted pursuant the ePrivacy Directive, frequently have a different scope of application than the one defined by article 3 of the ePrivacy Directive, which is limited only to providers of publicly available electronic communication services (i.e. traditional telecoms companies). The limitation of the scope of the Directive only to providers of electronic communications services is ambiguous and may give rise to unequal treatment if information society service providers using the internet to provide communication services are generally excluded from its scope. To remedy this situation, we recommend to extend the scope of the ePrivacy Directive in general to also the latter type of services.

The study also considers that the rules on cookies and similar techniques may not have entirely achieved their objectives, given that users receive too many warning messages which they do not properly consider. Therefore, our report recommends maintaining the current opt-in approach to cookies, but limiting it only to situations where there is an interference with users’ privacy. This result may be achieved, for example, by broadening the exceptions to the cookie consent rule (which allows the placing of cookies in the users’ terminal equipment or equivalent web-tracking techniques only with the users’ prior and informed consent).

The study findings will feed into the forthcoming review of the ePrivacy Directive, not before the adoption of the General Data Protection Regulation. See here for further information: http://ec.europa.eu/digital-agenda/en/news/eprivacy-directive-assessment-transposition-effectiveness-and-compatibility-proposed-data