ePrivacy regulation amendments under Romanian Presidency

At the beginning of the year, Romania took over the rotating presidency of the Council of the European Union. The EU ePrivacy Regulation was initially set out two years ago, to be implemented at the same time as GDPR.

A set of amendments to the proposed ePrivacy Regulation were released by the Romanian Presidency. These are worth looking at – but you should not expect any spectacular changes!

Which services warrant ePrivacy?

This has been an important matter within the ePrivacy Regulation proposal all along: communications privacy rules were to be expanded to services such as online marketplaces, gaming- or mobile apps messaging features.

The latest Romanian Presidency amendment makes it clear, referring to the definition of the new European Electronic Communications Code (EECC), that ‘interpersonal communications service’ that warrant such privacy protection shall include services that enable interpersonal and interactive communication merely as a minor ancillary feature that is intrinsically linked to another service.

In other words, no matter how insignificant the messaging feature may be in relation to the service, it warrants the protection of its privacy as any other interpersonal communication.

Limitations to the security processing exception

According to the amendments, security will be more difficult to use as a blanket exception for data processing. Whereas processing is acceptable if it is necessary to detect or prevent security risks and/or attacks on end-users’ terminal equipment, such processing is only permitted “for the duration necessary for that purpose”.

Other interesting amendments

The amendments include a requirement for supervisory authorities to cooperate with data protection authorities when appropriate, as well as new investigative and corrective powers for those supervisory authorities.

Do you require assistance with GDPR and Data Protection Act 2018 compliance? Aphaia provides both GDPR adaptation consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing.

Bostjan Makarovic

Bostjan Makarovic

Bostjan Makarovic is Aphaia's Founder. In addition to 14 years of industry experience, he holds Queen Mary, University of London PhD in legal regulation of NGN, London School of Economics and Political Science MSc in Environmental Policy and Regulation, and is IAPP-certified international privacy professional (CIPP/E).
Bostjan Makarovic

Leave a Comment

(0 Comments)

Your email address will not be published. Required fields are marked *