At the beginning of the year, Romania took over the rotating presidency of the Council of the European Union. The EU ePrivacy Regulation was initially set out two years ago, to be implemented at the same time as GDPR.
A set of amendments to the proposed ePrivacy Regulation were released by the Romanian Presidency. These are worth looking at – but you should not expect any spectacular changes!
Which services warrant ePrivacy?
This has been an important matter within the ePrivacy Regulation proposal all along: communications privacy rules were to be expanded to services such as online marketplaces, gaming- or mobile apps messaging features.
The latest Romanian Presidency amendment makes it clear, referring to the definition of the new European Electronic Communications Code (EECC), that ‘interpersonal communications service’ that warrant such privacy protection shall include services that enable interpersonal and interactive communication merely as a minor ancillary feature that is intrinsically linked to another service.
In other words, no matter how insignificant the messaging feature may be in relation to the service, it warrants the protection of its privacy as any other interpersonal communication.
Limitations to the security processing exception
According to the amendments, security will be more difficult to use as a blanket exception for data processing. Whereas processing is acceptable if it is necessary to detect or prevent security risks and/or attacks on end-users’ terminal equipment, such processing is only permitted “for the duration necessary for that purpose”.
Other interesting amendments
The amendments include a requirement for supervisory authorities to cooperate with data protection authorities when appropriate, as well as new investigative and corrective powers for those supervisory authorities.