When the European Commission proposed to replace the outdated and
improperly enforced 2002 ePrivacy Directive with a new ePrivacy
Regulation in January 2017, it marked a cautiously hopeful moment for
digital rights advocates across Europe. With the backdrop of the General
Data Protection Regulation (GDPR), adopted in May 2018, Europe took a
giant leap ahead for the protection of personal data. Yet by failing to
adopt the only piece of legislation protecting the right to privacy and
to the confidentiality of communications, the Council of the European
Union seems to have prioritised private interests over the fundamental
rights, securities and freedoms of citizens that would be protected by a
strong ePrivacy Regulation.
This is not an abstract problem; commercial surveillance models ? where
businesses exploit user data as a key part of their business activity ?
pose a serious threat to our freedom to express ourselves without fear.
This model relies on profiling, essentially putting people into the
boxes in which the platforms believe they belong ? which is a very
slippery slope towards discrimination. And when children increasingly
make up a large proportion of internet users, the risks become even more
stark: their online actions could impact their access to opportunities
in the future. Furthermore, these models are set up to profit from the
mass sharing of content, and so platforms are perversely incentivised to
promote sensationalist posts that could harm democracy (for example
The rise of highly personalised adverts (?microtargeting?) means that
online platforms increasingly control and limit the parameters of the
world that you see online, based on their biased and potentially
discriminatory assumptions about who you are. And as for that online
quiz about depression that you took? Well, that might not be as private
as you thought.
It is high time that the Council of the European Union takes note of the
risks to citizens caused by the current black hole where ePrivacy
legislation should be. Amongst the doom and gloom, there are reasons to
be optimistic. If delivered in its strongest form, an improved ePrivacy
Regulation helps to complement the GDPR; will ensure compliance with
essential principles such as privacy by design and by default; will
tackle the perversive model of online tracking and the disinformation it
creates; and it will give power back to citizens over their private life
and interests. We urge the Council to swiftly update and adopt a strong,
citizen-centered ePrivacy Regulation.
e-Privacy revision: Document pool: Document pool
ePrivacy: Private data retention through the back door (22.05.2019)
Captured states ? e-Privacy Regulation victim of a ?lobby onslaught?
NGOs urge Austrian Council Presidency to finalise e-Privacy reform
e-Privacy: What happened and what happens next (29.11.2017)
(Contribution by Ella Jakubowska, EDRi intern)