This post is part of a series on ePrivacy. You can read our introduction to the series here.
The EU Council has reached a compromise agreement on its position on the new ePrivacy Regulation. This involved coming to agreement on various issues, including: processing data for further compatible purposes, extending the scope to cover machine-to-machine data transmitted via a public network, specifying the conditions for allowing processing on end-users’ terminal equipment without consent, and providing that end-users can consent to certain types of cookies by whitelisting.
It is conceivable, however, that the UK will consider alignment with the updated EU laws for two reasons:
- The ePrivacy Regulation has been a cornerstone of EU-wide privacy rules, along with the General Data Protection Regulation (GDPR). The relationship between the GDPR and the UK’s data protection rules is a timely topic, given on 19 February 2021, the European Commission issued its draft adequacy decision that would allow EU-to-UK data transfers. While the ePrivacy Regulation is not strictly relevant to the UK’s continued adequacy status, alignment on ePrivacy rules would likely be viewed positively by the EU institutions, which could prompt the UK to update its laws in line with the new EU regime.
- UK businesses who operate in the EU will feel the effects of the ePrivacy Regulation once it is enacted, as it will directly apply in all EU Member States. Additionally, the Regulation will have extra-territorial effect, similar to the GDPR. This means it will apply to any processing of electronic communications services, content, and metadata, and any e-marketing or storing of cookies, where the end-user is based in the EU.
As a result, UK businesses with EU custom would be smart to keep an eye on developments in the ePrivacy saga – and we will continue to provide updates when they happen.