On February 10, 2021, the Council of the European Union (EU) agreed on its version of the draft ePrivacy Regulation (Council Position). The long-awaited ePrivacy Regulation, which will repeal the existing ePrivacy Directive, overhauls the rules on cookies and regulates the use of and access to electronic communications data.
The new ePrivacy Regulation will directly regulate telecom operators, providers of voice over IP, messaging and web-based email services, as well as other types of digital communication services. Importantly, it will also significantly impact all companies operating on the internet, as it will affect the ad tech ecosystem, including website publishers and any companies using, reading, or dropping cookies or other tracking technologies.
While this version is a critical step towards adoption, it will still take several months before the regulation is finalized. Now, the EU Commission, the European Parliament, and the Council of the EU will negotiate the terms of the final text. The final text of the ePrivacy Regulation will thus differ from what we describe below, which summarizes the critical aspect of the Council's common position.
Background
The ePrivacy Directive was adopted nearly two decades ago (in 2002) to establish a harmonized framework for regulating electronic communications networks and services.
In January 2017, the European Commission published a first draft of the new ePrivacy Regulation (Commission Proposal). The review aims to address technological developments, given the emergence of new internet-based services and tracking technologies. At the end of 2017, the European Parliament adopted amendments to the Commission Proposal (Parliament Report); the text was then sent to the Council for consideration. It took more than three years for the Council to adopt the Council Position.
You can find more information on the Commission Proposal here, and the Parliament Report here.
Key Points of the Council Position
The following are the key takeaways from the Council Position:
Conclusion and Next Steps
Following the Council Position's publication, the European Commission, the European Parliament, and the Council of the EU will negotiate the terms of a final version of the ePrivacy Regulation. If adopted, the long-expected ePrivacy Regulation will substantially impact all companies operating on the internet, including telecom providers, app providers, and the advertising technology industry. Under the current draft, companies would benefit from a two-year transition period to comply with the new rules.
We will continue to monitor the developments of the negotiations and provide updates on any important news.
Wilson Sonsini helps clients manage risks related to the enforcement of privacy and data protection laws, along with advising clients on general domestic and international privacy and data security issues. For more information, contact Cédric Burton or another member of the firm's privacy and cybersecurity practice.
Nik Theodorakis, Carol Evrard, and Roberto Yunquera Sehwani contributed to this Alert.