Information Technology Industry Council | 31 May 2018
Business and tech groups call for more review of ePrivacy regulation
BRUSSELS – ITI, the global voice of the tech sector, joined 53 other business and tech associations in sending a letter to Member States ahead of the 8 June Telecoms (TTE) Council calling for more reflection before moving ahead with the approval process of the ePrivacy Regulation (ePR) proposal to ensure a coherent data protection legal framework for the EU. In the letter, the group also expressed concern about the extremely broad scope of the draft ePR, which would greatly limit the processing of a broad array of both personal and non-personal data and lead to inconsistencies with the GDPR framework.
In addition, the negative impacts of a broadly scoped and inflexible ePR threaten to undermine other important EU digital policy goals, such as those related to cybersecurity. For example, ePR does not clearly authorize third parties across the information ecosystem to process electronic communications data to perform basic cybersecurity functions such as detecting and mitigating cyberthreats or identifying and blocking cyberattacks, thus jeopardizing both the laudable goals of the Cybersecurity Act as well as the cybersecurity and privacy of EU citizens.
You can read the letter below.
Brussels, 31 May 2018
Ahead of the 8 June TTE Council, we urge Member States to remain cautious in their examination of the draft ePrivacy Regulation (ePR). Limited progress has been achieved since the beginning of Council discussions early last year and many questions remain open. More time is needed to assess the ePR’s scope of application, its overlaps with the General Data Protection Regulation (GDPR) and its impact on all sectors of the economy.
The ePR proposal has departed from the laudable objective of protecting the confidentiality of communications and goes on instead to greatly limit the processing of a broad array of both personal and non-personal data. Rather than complementing the GDPR, the proposal replaces and contradicts many of the fundamental checks and balances of the EU’s data protection framework.
For example, legal grounds for processing and consent requirements differ between the two instruments. The processing of electronic communications and terminal equipment data is not allowed under the same conditions as personal data under the GDPR. As a result, the same types of data are treated differently and non-sensitive data – such as non-personal data, which is not covered by the GDPR as it doesn’t relate to individuals – is subject to unreasonable rules.
The considerable negative impact of an inflexible ePR will extend to all sectors of the EU digital economy – from digital media to connected cars and smart manufacturing – which will be exposed to additional burden at best or, at worst, unable to continue offering and innovating their products and services using data.
The GDPR, which has only now come into full application, provides for comprehensive rules that industry, authorities and Member States are all working hard to implement. The GDPR was heavily inspired by discussions on the current ePrivacy Directive prior to 2009 and, subsequently, by its text; as such, it provides for the highest level of data protection, and departure from its provisions should not be tackled carelessly.
While we support the need to protect the confidentiality of communications, we believe that more reflection is needed on the ePR proposal to ensure a coherent data protection legal framework for the EU. Consistency between the ePR and the GDPR will secure a high level of privacy protection and legal clarity for businesses with regards to data processing and enforcement.
We call on Ministers to clearly signal during the 8 June meeting that Member State discussions on the ePR should not be rushed and trialogue negotiations should not commence until a robust, balanced and comprehensive General Approach is obtained. We stand ready to support the Council in its efforts to produce a more coherent outcome for the final Regulation.
The following associations have signed this letter:
ACEA – European Automobile Manufacturers’ Association acea.be
Acsel – Le Hub de la transformation digitale acsel.asso.fr
Adigital – Asociación Española de la Economía Digital adigital.org
AER – Association of European Radios aereurope.org
AFNUM – Alliance Française des Industries du Numérique afnum.fr
ANISP – Asociatia Nationala a Providerilor de Internet din Romania anisp.ro
APDSI – Associação para a Promoção e Desenvolvimento da Sociedade da Informação apdsi.pt
APPLiA – Home Appliance Europe applia-europe.eu
ASIC – Association des Services Internet Communautaires lasic.fr
BSA | The Software Alliance bsa.org
BVDW – Bundesverband Digitale Wirtschaft bvdw.org
CCIA – Computer and Communications Industry Association ccianet.org
CLEPA – European Association of Automotive Suppliers clepa.eu
COCIR – European Coordination Committee of the Radiological, Electromedical and Healthcare IT Industry cocir.org
Confederation of Industry of the Czech Republic spcr.cz
Dansk Erhverv – Danish Chamber of Commerce danskerhverv.dk
Dansk Industri – Confederation of Danish Industry di.dk
Developers Alliance developersalliance.org
DINL – Stichting Digitale Infrastructuur Nederland dinl.nl
EACB – European Association of Co-operative Banks eacb.coop
EBF – European Banking Federation ebf.eu
eco – Association of the Internet Industry eco.de
Ecommerce Europe ecommerce-europe.eu
ECTA – European Competitive Telecommunications Association ectaportal.com
EGBA – European Gaming and Betting Association egba.eu
EMMA – European Magazine Media Association magazinemedia.eu
EMOTA – European eCommerce and Omni-Channel Trade Association emota.eu
ENPA – European Newspaper Publishers’ Association enpa.eu
EPC – European Publishers Council epceurope.eu
European Tech Alliance eutechalliance.eu
FEDMA – Federation of European Direct and Interactive Marketing fedma.org
GESTE – Les éditeurs de contenus et services en ligne geste.fr
IAB Europe iabeurope.eu
ISFE – Interactive Software Federation of Europe isfe.eu
ISPA – Internet Service Providers Austria ispa.at
ITI – Information Technology Industry Council itic.org
IT&Telekomföretagen – Swedish IT and Telecom Industries itot.se
JBCE – Japan Business Council in Europe jbce.org
Latvijas Interneta Asociācija lia.lv
Nederland ICT nederlandict.nl
News Media Europe newsmediaeurope.eu
SAPIE – Slovak Alliance for Innovation Economy sapie.sk
SEPE – Federation of Hellenic Information Technology & Communications Enterprises sepe.gr
Syntec Numérique syntec-numerique.fr
TECH IN France techinfrance.fr
Technology Industries of Finland teknologiateollisuus.fi
Technology Ireland technology-ireland.ie
ZIPSEE – Digital Poland zipsee.pl
ZPP – Polish Union of Entrepreneurs and Employers zpp.net.pl