With the ink not even dry on the General Data Protection Regulation (GDPR), the European Commission is gearing up for a review of the ePrivacy Directive. An official from the Commission's DG CONNECT indicated in January that the Commission is looking to announce a proposal for reform of the Directive in 2017, with a twelve-week public consultation expected to be launched by the end of March 2016.
The ePrivacy Directive - Directive 2002/58/EC - is part of the EC's Regulatory Framework for Electronic Communications and applies to "the processing of personal data in connection with the provision of publicly-available electronic communications services in public communications networks" in the EU.
Although perhaps best known as the source of EU "cookies law", the Directive additionally deals with a range of other issues, including security and confidentiality of communications, traffic and location data, itemised billing, calling and connecting line identification, automatic call forwarding, subscriber directories and unsolicited commercial communications. It was last amended in 2009.
In May 2015, the Commission announced its intention to review the Directive as one of 16 key actions to be delivered by the end of 2016 under its "Digital Single Market" initiative. However the Commission indicated that the GDPR would need to be settled first before any review of the Directive could kick off.
While the Commission itself has been tight-lipped about the changes we can expect in the Directive, the June 2015 report commissioned by the EC may give some clues as to areas that may be considered. The report consisted of an assessment of the Directive's transposition into Member State law and a review of its effectiveness and its compatibility with the Data Protection Regulation (as then proposed). Among other things it recommended:
However, after the Herculean task of getting the GDPR finally over the line, it will be interesting to see just how much appetite the Commission has for major change to the ePrivacy Directive and/or amendment to the GDPR.