GDPR or ePrivacy, that is the question?
IIC UK CHAPTER EVENT
Tuesday, 5th march 2019
hosted by the Institute squire patton boggs, London
Last time the IIC UK discussed GDPR implementation we looked at the uncertainty created by Brexit.
While that uncertainty remains, there is wider uncertainty: on the application of ePrivacy rules – whether in the UK or the EU, and beyond – particularly when it comes to the communications sector.
Many have suggested that the proposal to update the ePrivacy Directive in the form of a regulation -- in light of the GDPR and the new Electronic Communications Code (EECC) -- is unlikely to be adopted before mid-2019, when the mandate of the sitting European Parliament comes to an end. Nonetheless, the current Romanian presidency is driving an ambitious calendar that could see the proposal being agreed by the Council within weeks of this event. Trilogues with the European Parliament could start as early as end of March and final agreement could be reached by the end of 2019.
Whether or not the proposed ePrivacy Regulation is passed, there is a flurry of questions concerning exactly how (or even which) EU privacy legislation now applies to communications providers. Take sanctions, for example. Is failure to obtain consent under the ePrivacy Directive subject to GDPR sanctions? Are GDPR Article 28 agreements (and the Standard Contractual Clauses for international transfers) applicable to communications data passed from one operator to another?
Additional questions surround the changes that will be coming when the EECC becomes applicable in 2020, classifying online communications providers as ECS and thus, in principle, fully subjecting ‘OTTs’ to the ePrivacy rules.
For all sector participants, there is the additional conundrum of how the new provisions of the ePrivacy Regulation will be interpreted and how they will interoperate with the GDPR.
Our panel of experts discussed the application and interpretation of this complex and fast-evolving legal framework.
Squire Patton Boggs UK LLP
Managing Director for Public Policy EMEA, McAfee
Director of EU Government Affairs, Microsoft Corporation
Director, Digital Policy Alliance;
former Chair of the Internal Market Committee, European Parliament
Group Privacy Officer, Vodafone