Revealed: Portugal’s plans to conclude ePrivacy saga

The Portuguese Presidency of the EU has pitched a new text on the controversial ePrivacy regulation, focussing on the processing of communications metadata and data stored on end-user equipment, the proposal obtained by EURACTIV reveals.

The Commission’s initial proposal for the ePrivacy Regulation was put forward in January 2017. [Shutterstock]

The Portuguese presidency of the EU has pitched a new text on the controversial ePrivacy regulation, focusing on the processing of communications metadata and data stored on end-user equipment, according to the latest proposal, obtained by EURACTIV.

The text, the latest in a long line of attempts by EU presidencies to find common ground following the European Commission’s 2017 proposal, was presented to EU delegations last Friday (5 February) and is due to be discussed during a meeting between diplomats on Wednesday (10 February).

“The most important change the Portuguese Presidency has proposed is the re-introduction of the possibility to process electronic communications metadata and to use the processing and storage capabilities of the end-users’ terminal equipment, including collection of information for further compatible processing,” Friday’s proposal states.

German Presidency charts new COVID19 'metadata' rules in leaked ePrivacy text

The German EU Council presidency is seeking to permit the processing of metadata in online communications for ‘monitoring epidemics’ or to help in ‘natural or man-made disasters,’ according to a leaked text on the ePrivacy regulation obtained by EURACTIV.

24 Months: Date of Application

Moreover, a substantial compromise has been pitched to the eventual application of the regulation, which the Portuguese now suggest should apply 24 months from the date of entry into force. It had previously stood at 12 months.

The ePrivacy regulation details the conditions under which service providers are able to process electronic communications data. Such data includes those transmitted in the use of online services, including messages sent on WhatsApp and video calls on platforms such as Zoom and Skype, for example.

The overall objective of the regulation is to afford online communications the same privacy protections as those afforded to traditional telecoms communications.

Security provisions for processing

Portugal’s recent proposal specifically reintroduces a new security provision for the processing of such data, stating that such processing by service providers should be permitted “to safeguard the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the safeguarding against and the prevention of threats to public security.”

In addition, the Portuguese now suggest that the processing of data stored on end-users’ terminal equipment can be permitted, with consent, only if the information is eventually made anonymous, if the processing is “limited to information that is pseudonymised,” and if the information or data will not be used to build a profile of the end-user.

The ePrivacy saga: the false choice between privacy and funding online publishing

As the Council seems to have (yet again) failed to adopt a general approach for the ePrivacy regulation, one question that bears asking is: would more exceptions for online tracking support online publishers or the advertising industry? Karolina Iwańska argues that here is a way to sustain online publishing and uphold privacy

Nine EU Council Presidencies

The Commission’s initial proposal for the ePrivacy Regulation was put forward in January 2017, in a bid to “reinforce trust and security in the digital single market.” The European Parliament’s Civil Liberties Committee adopted its report in October 2017, as well as the mandate to commence inter-institutional negotiations.

In the Council, representing EU member states, however, progress on the ePrivacy regulation has been dogged by disagreements over issues ranging from the inclusion of provisions in the regulation to allow for the detection of child pornography, to consent requirements and rules for the tracking of online activity through the use of cookies.

Portugal is the ninth EU presidency to lead the Council’s position on the rules, following Germany, Croatia, Finland, Romania, Austria, Bulgaria, Estonia, and Malta.

The latest proposal says that the Portuguese presidency has “tried to incorporate some of the proposals made by the delegations during the meeting to enable achieving a delicate balance that could be supported by the member states.”

EURACTIV sources say the latest proposal is likely to receive a warm response from delegations this Wednesday, and the Portuguese themselves are said to be hoping that common ground on the long-disputed text can finally be found.

Should EU delegates be able to adopt Portugal’s text, negotiations on the file with representatives from the European Parliament will be able to begin.

[Edited by Zoran Radosavljevic]

Subscribe to our newsletters