Unlike the GDPR (General Dana Protection Regulation), with which most of them are familiar and which ensures the protection of personal data, there is also one less known Regulation, the Regulation on the respect of private life and the protection of personal data in electronic communications or e-Privacy Regulation, but which is still in the proposal phase.
This Regulation should lay down rules concerning the protection of fundamental rights and freedoms of natural and legal persons in the provision and use of electronic communications services, in particular the right to respect for private life and to communicate and the protection of natural persons regarding the processing of personal data.
The ePrivacy Regulation and the GDPR refer to each other and the initial idea was both to apply in the EU Member States at the same time, namely on 25 May 2018. While this was the case with the GDPR, which celebrated 5 years of application this year, the ePrivacy Regulation is not the case and although the proposal was adopted on 10 January 2017 it has not yet been put into effect.
The ePrivacy Regulation should prescribe cases in which data subjects are to obtain consent to communicate through means of electronic communication. However, the ePrivacy Regulation does not prescribe what consent is, what it must contain and what it must be to be valid, what are the general principles for the collection of personal data but is regulated by the GDPR.
Also, the GDPR already regulates issues related to the legal bases for the collection of personal data using cookies or marketing activities, basic principles for the collection of personal data for these purposes, data subject rights, etc.
What, in relation to the GDPR, entails the e-Privacy Regulation is an additional set of non-compliance rules that will impose additional misdemeanor penalties.
Pending the entry into force of the ePrivacy Regulation, the current Privacy and electronic communications Directive (ePrivacy Directive) will also be in force. The ePrivacy Directive is binding on Member States of the European Union only with regard to the objectives it sets and Member States can regulate by national law how these objectives will be achieved. The Republic of Croatia did so by passing the electronic communications Act.
The protection of privacy in electronic communications is currently regulated in the Electronic communications Act (ZEK) and the monitoring of compliance with these provisions is carried out by the regulator in charge of electronic communications (Croatian regulatory Agency for Network activities – HAKOM). However, the new ePrivacy Regulation was conceived as an extension of the General personal data Protection Regulation, which moves the responsibility for its implementation to the body in charge of personal data protection (Personal data Protection Agency – AZOP).
The proposed text of the Regulation leaves no discretion for Member States to determine otherwise the national enforcement authority.
So, in addition to complementing the general Regulation on the protection of personal data, the ePrivacy Regulation also remains bound by the regulations governing electronic communications.
Also, a special new Directive on the European electronic media Code is planned.
The novelties adopted by the ePrivacy Regulation are the extension of the scope to:
– providers of online content and applications (so called OTT services (Over the top)) (e.g., Snapchat, Viber, Skype …)
– services whose communication is only a minor ancillary function, which is inextricably linked to another service (e.g., Facebook)
– machine-to-machine communication (smart TVs, cars, vacuum cleaners …)
The purpose of the extension is, on the one hand, to protect the privacy of end-users regardless of whether they use traditional or new communications services, and, on the other hand, to cover new services in addition to traditional communications services.
The ePrivacy Regulation strives to strike a balance between the interests of industry and the protection of privacy of individuals.
Industry collects quite a bit of data and sees profitable activities in processing and analysis, and on the other hand, privacy advocates seek stricter solutions, especially when it comes to tracking device signals without asking for consent, but only when it comes to notification, or when it comes to privacy settings, and when it comes to limiting access to sites and content, if the user does not allow tracking or placing cookies.
We now must wait and see if, when and to what extent the ePrivacy Regulation will be adopted and if so, how the harmonization of the industry will proceed since some are not yet fully alignedwith the GDPR.
*Source: https://eur-lex.europa.eu/legal-content/HR/TXT/PDF/?uri=CELEX:52017PC0010
