E-Privacy Regulation
The ePrivacy Regulation was originally intended to replace the existing Privacy and Electronic Communications Directive (ePrivacy Directive) and create a modern legal framework for the protection of privacy in electronic communications. However, after an eight-year legislative process, the EU Commission has now withdrawn the project from its work program for 2025.
The goal of the planned regulation was to align the rules for electronic communications with the General Data Protection Regulation (GDPR). The focus was on the confidentiality of communications, the processing of communications data, and the storage and retrieval of information on end devices, such as through cookies and other tracking technologies. A key innovation would have been the explicit inclusion of Over-the-Top (OTT) communication services such as WhatsApp or Skype, which until now have not been subject to the same data protection rules as traditional telephony and SMS services.
The European Commission presented the first draft of the regulation in January 2017. Originally, the ePrivacy Regulation was supposed to come into force at the same time as the GDPR. However, while the European Parliament's LIBE Committee adopted its position as early as October 2017, it took until February 2021 for the Council of the EU to find a common position. Despite the subsequent trilogue negotiations, the significant differences between the positions of the Parliament and the Council could not be overcome.
With the announcement of its work program for the year 2025 on February 12, the EU Commission has now completely withdrawn the legislative project on the ePrivacy Regulation and is planning an omnibus act for European digital law, the so-called "Digital Package" for the end of 2025. An omnibus act is a legislative instrument through which several laws can be enacted or amended simultaneously. Specifically, according to the EU Commission, the Digital Package aims to eliminate the multiple tracks in European digital legislation, to revise and harmonize existing digital regulatory frameworks, and to create a simplified, clear, and coherent legal framework for companies and administrations regarding data transfer.
For the elaboration of the "Digital Package," the Federal Commissioner for Data Protection and Freedom of Information (BfDI) wishes that the EU Commission would now implement elsewhere the repeatedly demanded data protection regulations that were originally envisioned in the ePrivacy Regulation. For this, the BfDI also hopes for corresponding commitment from the German Federal Government. Further developments remain to be seen.