On February 10th, 2021 member states of the Council of the European Union agreed their positions on the protection of privacy and confidentiality in the use of electronic communications services. The Commission presented the proposal of the new ePrivacy regulation in January 2017. The ePrivacy rules, now updated, will define cases in which services providers are allowed to process electronic communication data or have access to users’ data stored.
There was the need for a new and updated ePrivacy regulation, because of new technological and market developments. This means that the old ePrivacy Directive of 2002 will be soon substituted by the new regulation. The draft of the ePrivacy regulation will particularise and complement the GDPR, as lex specialis.
These are some of the most important provisions. Under the Council mandate, the regulation will cover electronic communications content transmitted using publicly available services and networks, and metadata related to the communication. There will be a full protection of privacy rights and a promotion of a trusted and secure Internet of Things. The rules will apply when end-users are in the EU. Metadata may be processed for instance for billing, or for detecting or stopping fraudulent use. The end-user should have a genuine choice on whether to accept cookies or similar identifiers. This brand new regulation would enter into force 20 days after its publication in the EU Official Journal, and it would start to apply two years later.