The Portuguese presidency of the EU has pitched a new text on the controversial ePrivacy regulation, focusing on the processing of communications metadata and data stored on end-user equipment, according to the latest proposal, obtained by EURACTIV.
The text, the latest in a long line of attempts by EU presidencies to find common ground following the European Commission’s 2017 proposal, was presented to EU delegations last Friday (5 February) and is due to be discussed during a meeting between diplomats on Wednesday (10 February).
“The most important change the Portuguese Presidency has proposed is the re-introduction of the possibility to process electronic communications metadata and to use the processing and storage capabilities of the end-users’ terminal equipment, including collection of information for further compatible processing,” Friday’s proposal states.
24 Months: Date of Application
Moreover, a substantial compromise has been pitched to the eventual application of the regulation, which the Portuguese now suggest should apply 24 months from the date of entry into force. It had previously stood at 12 months.
The ePrivacy regulation details the conditions under which service providers are able to process electronic communications data. Such data includes those transmitted in the use of online services, including messages sent on WhatsApp and video calls on platforms such as Zoom and Skype, for example.
The overall objective of the regulation is to afford online communications the same privacy protections as those afforded to traditional telecoms communications.
Security provisions for processing
Portugal’s recent proposal specifically reintroduces a new security provision for the processing of such data, stating that such processing by service providers should be permitted “to safeguard the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the safeguarding against and the prevention of threats to public security.”
In addition, the Portuguese now suggest that the processing of data stored on end-users’ terminal equipment can be permitted, with consent, only if the information is eventually made anonymous, if the processing is “limited to information that is pseudonymised,” and if the information or data will not be used to build a profile of the end-user.
Nine EU Council Presidencies
The Commission’s initial proposal for the ePrivacy Regulation was put forward in January 2017, in a bid to “reinforce trust and security in the digital single market.” The European Parliament’s Civil Liberties Committee adopted its report in October 2017, as well as the mandate to commence inter-institutional negotiations.
Portugal is the ninth EU presidency to lead the Council’s position on the rules, following Germany, Croatia, Finland, Romania, Austria, Bulgaria, Estonia, and Malta.
The latest proposal says that the Portuguese presidency has “tried to incorporate some of the proposals made by the delegations during the meeting to enable achieving a delicate balance that could be supported by the member states.”
EURACTIV sources say the latest proposal is likely to receive a warm response from delegations this Wednesday, and the Portuguese themselves are said to be hoping that common ground on the long-disputed text can finally be found.
Should EU delegates be able to adopt Portugal’s text, negotiations on the file with representatives from the European Parliament will be able to begin.
[Edited by Zoran Radosavljevic]