The European Commission announced it will come out with a legislative proposal to reform the ePrivacy directive in mid-2017.
But telecoms are concerned that won’t leave legislators enough time to sort out a review of the controversial law.
The Commission announced a review of the ePrivacy directive as part of its flagship digital single market plans in May 2015. The executive made clear it wouldn’t touch the seven-year-old directive—which regulates telecoms companies’ handling of personal data—until 2016, after the EU data protection reform was signed and sealed. Last month, negotiations on the data protection regulation and directive came to an end.
Yesterday (13 January) a Juncker Commission official told anxious telecoms companies they can expect movement on the review in the upcoming months.
In the spring, the executive will open a public consultation on the ePrivacy directive.
“That will be ready hopefully by the end of March,” said Rosa Barcelo, head of sector for digital privacy at DG CONNECT.
In 2017, Barcelo said, the Commission will announce a proposal on the directive.
During the public consultation’s twelve-week run time, the European Commission wants to hold workshops with telecoms and groups with vested interest in the legislation.
Barcelo estimated that “close to summer” she could give further details about the proposal for a reformed ePrivacy directive, and declined to say more about what changes the Commission wants to see in the legislation.
Telecommunications firms are anxious about the directive, which they say overregulates their sector, without imposing similar rules on competing services from internet companies, like WhatsApp, and Skype.
“The revision of the ePrivacy Directive should be concluded as soon as possible, and ideally by the time the implementation of the Data Protection Regulation is completed. It is essential for consumers and businesses that there is consistency and certainty,” said Alessandro Gropelli, spokesperson for the European Telecommunications Network Operators’ Association (ETNO).
The data protection regulation is expected to go into effect in early 2018.
The executive is planning to propose separate legislation this summer based on its public consultation of the telecoms sector, which ended in December.
Some telecoms lobbyists expected a proposal on the ePrivacy directive to come earlier, and are worried that the Commission will be less likely to dramatically change what they call an outdated piece of legislation, since another new telecoms law is set to be proposed several months before.
Existing European rules on data protection were adopted in 1995, when the Internet was still in its infancy.
In January 2012, the European Commission published a vast legislative package aimed at replacing the existing rules and giving greater protection to personal data across the EU.
The package includes two legislative proposals: one general regulation on data protection (directly applicable in all the member states) and one directive specifically aimed at data protection in the police and the justice systems (to be transposed into national law).
Since then, the data protection debate took a new twist with revelations about US eavesdropping activities.
Whistleblower Edward Snowden revealed in 2013 that the NSA had secret wide-reaching authority to snoop on emails and internet communications using a data-mining programme called Prism.
European politicians reacted angrily to the news and called for stricter measures to ensure privacy.