Since the European Commission unveiled a proposal for an e-Privacy Regulation in January 2017, this new piece of legislation, aiming to adapt rules on electronic communications and cookies, has undergone many iterations. On 26 July 2019, the Finnish government issued a revised proposal for the e-Privacy Regulation with some amendments that will be discussed
at a Council meeting during September.
This law regulates processing of electronic communications data by telecommunications operators. Before this amendment all electronic communications data was treated under the same rules, it is now proposed to split the rules to cover different types of data. This will mean that content can have different rules to metadata. The term metadata is used to describe a set of data that provides information about other data. For example, a digital photo could have metadata embedded into the file that contains the date and time, filename, camera settings and geolocation. By separating them it can treat them differently, as the use of metadata has become an increasing area of concern about privacy.
This draft of the e-Privacy Regulation also provides comprehensive rules for use of web cookies and similar files or tags, considerably extending the current regulations. referring now to any use of the storing or processing capabilities of the device (and not merely the storage or retrieval of information). In other words, cookies and stored information remain covered, but so do certain scripts and tags (which today largely falls outside of the scope of the current ‘cookie’ rules).
As far as ‘cookie walls’ are concerned (the practice of blocking access to content until a user gives consent to e.g. advertising cookies), the Council continues down the path it set a few iterations ago, not prohibiting cookie walls in principle provided the user is offered an ‘equivalent offer‘ that does not involve the need for such consent. It remains to be seen which of these proposals make it through the lengthy process and become EU law.
The ICO has updated its guidance on cookies with a news item and updated web pages.
The guidance provides a reminder on the key issues including:
The ICO has proposed fines for British Airways (£183m) and Marriott hotels (£99m) for personal data breaches.
The ICO also fined EE Limited £100,000 for sending over 2.5 million direct marketing messages to its customers, without consent.
The key point being that, if promotional material is included with a service message then the whole thing becomes a marketing message and subject to rules on consent. Ofcom has fined GiffGaff £1.4m for overcharging customers.
O2 is also subject to a new Ofcom investigation under the metering and billing directive for incorrectly charging some of its customers over a long period of time.
Personal numbering – Review of the 070 number range - Ofcom will impose a charge control on all 070 providers, to be set at the same rate as the mobile termination rate. This will come into effect on 1 October 2019.
Helping consumers get better deals - end-of-contract and annual best tariff notifications to be introduced by 15th February 2020.