The European Data Protection Supervisor (EDPS) has published further recommendations on the proposed EU Regulation on Privacy and Electronic Communications (commonly referred to as the ePrivacy Regulation). The ePrivacy Regulation seeks to modernise and clarify the technological requirements for ensuring privacy of electronic communications. The ePrivacy Regulation is intended to come into force alongside the GDPR in May 2018, but there are concerns by the European Council that this deadline will not be met.

The ePrivacy Regulation, in comparison with the existing law under PECR, provides changes including the confidentiality of communications between devices, allowing consent to cookies through browser settings, adopting the definition of consent under the GDPR and increasing the fines available in line with the GDPR. The EDPS has issued previous advice on the matter, but decided to update it following developments in deliberations.

The EDPS advises that the confidentiality of communications should encompass content, metadata and data related to the terminal equipment used by the end user. The EDPS also recommends that the ePrivacy Regulation should offer a higher level of protection than the GDPR and require privacy protective settings by default.

Click here to read the EDPS’ recommendations in full.