On 10 January 2016, the EU unveiled its Data Economy Package, consisting of a new Proposal for a regulation on privacy and electronic communications, a Communication on Exchanging and Protecting Personal Data in a Globalised World and a Consultation on building the European data economy.
The measures aim to update current rules, extending their scope to all electronic communication providers as well as maintaining trust in the Digital Single Market.
The proposal is made in line with the Commission’s Digital Single Market Strategy (“DSM Strategy”) which aims to tear down regulatory walls and finally move from 28 national markets to a single one. A fully functional Digital Single Market could, the Commission claims, contribute €415 billion per year to the European economy and create hundreds of thousands of new jobs.
The Commission has already adopted the Regulation (EU) 2016/679, the General Data Protection Regulation (“GDPR”), which was a key action for increasing trust and security of digital services, and it is noteworthy that complements and particularises the GDPR. The DSM Strategy also however aimed to review Directive 2002/58/EC (“ePrivacy Directive”) in order to provide a high level of privacy protection for users of electronic communications services and a level playing field for all market players.
The proposed Regulation aims to update the current ePrivacy Directive with a directly applicable Regulation so that all people and businesses in the EU will enjoy the same level of protection for their electronic communications. It also aims to reflect current technological developments, whereas the current ePrivacy Directive only applies to traditional telecoms operators, the new proposal will now also cover new providers of electronic communications services, such as WhatsApp, Facebook Messenger, Skype, Gmail, iMessage, or Viber.
The proposal also aims to guarantee privacy for both content and metadata derived from electronic communications (e.g. time of a call and location) as well as providing simpler rules on cookies. New rules will allow users to be more in control of their settings, providing an easy way to accept or refuse the tracking of cookies and other identifiers in case of privacy risks.
The Commissions Communication further sets out a strategic approach to the issue of international personal data transfers, which will facilitate commercial exchanges and promote better law enforcement cooperation, while ensuring a high level of data protection. The Communication also reiterates that the Commission will continue to promote the development of high data protection standards internationally, both at bilateral and multilateral levels.
The Commission is also currently conducting a consultation on building the European data economy which will run until 26 April 2017 and feed into the Commission’s possible future initiative on the European Data Economy later in 2017.
With the presentation of the package and the proposed measures, the Commission is calling on the European Parliament and the Council to work swiftly and to ensure a smooth adoption by 25 May 2018, when the General Data Protection Regulation will enter into application. The intention is to provide citizens and businesses with a complete and compatible legal framework for privacy and data protection in Europe by May 2018