logo logo

Business and tech groups call for more review of ePrivacy regulation

Information Technology Industry Council | 31 May 2018

Business and tech groups call for more review of ePrivacy regulation

BRUSSELS – ITI, the global voice of the tech sector, joined 53 other business and tech associations in sending a letter to Member States ahead of the 8 June Telecoms (TTE) Council calling for more reflection before moving ahead with the approval process of the ePrivacy Regulation (ePR) proposal to ensure a coherent data protection legal framework for the EU. In the letter, the group also expressed concern about the extremely broad scope of the draft ePR, which would greatly limit the processing of a broad array of both personal and non-personal data and lead to inconsistencies with the GDPR framework.

In addition, the negative impacts of a broadly scoped and inflexible ePR threaten to undermine other important EU digital policy goals, such as those related to cybersecurity. For example, ePR does not clearly authorize third parties across the information ecosystem to process electronic communications data to perform basic cybersecurity functions such as detecting and mitigating cyberthreats or identifying and blocking cyberattacks, thus jeopardizing both the laudable goals of the Cybersecurity Act as well as the cybersecurity and privacy of EU citizens.

You can read the letter below.

Brussels, 31 May 2018

Ahead of the 8 June TTE Council, we urge Member States to remain cautious in their examination of the draft ePrivacy Regulation (ePR). Limited progress has been achieved since the beginning of Council discussions early last year and many questions remain open. More time is needed to assess the ePR’s scope of application, its overlaps with the General Data Protection Regulation (GDPR) and its impact on all sectors of the economy.

The ePR proposal has departed from the laudable objective of protecting the confidentiality of communications and goes on instead to greatly limit the processing of a broad array of both personal and non-personal data. Rather than complementing the GDPR, the proposal replaces and contradicts many of the fundamental checks and balances of the EU’s data protection framework.

For example, legal grounds for processing and consent requirements differ between the two instruments. The processing of electronic communications and terminal equipment data is not allowed under the same conditions as personal data under the GDPR. As a result, the same types of data are treated differently and non-sensitive data – such as non-personal data, which is not covered by the GDPR as it doesn’t relate to individuals – is subject to unreasonable rules.

The considerable negative impact of an inflexible ePR will extend to all sectors of the EU digital economy – from digital media to connected cars and smart manufacturing – which will be exposed to additional burden at best or, at worst, unable to continue offering and innovating their products and services using data.

The GDPR, which has only now come into full application, provides for comprehensive rules that industry, authorities and Member States are all working hard to implement. The GDPR was heavily inspired by discussions on the current ePrivacy Directive prior to 2009 and, subsequently, by its text; as such, it provides for the highest level of data protection, and departure from its provisions should not be tackled carelessly.

While we support the need to protect the confidentiality of communications, we believe that more reflection is needed on the ePR proposal to ensure a coherent data protection legal framework for the EU. Consistency between the ePR and the GDPR will secure a high level of privacy protection and legal clarity for businesses with regards to data processing and enforcement.

We call on Ministers to clearly signal during the 8 June meeting that Member State discussions on the ePR should not be rushed and trialogue negotiations should not commence until a robust, balanced and comprehensive General Approach is obtained. We stand ready to support the Council in its efforts to produce a more coherent outcome for the final Regulation.

The following associations have signed this letter:

ACEA – European Automobile Manufacturers’ Association

Acsel – Le Hub de la transformation digitale

Adigital – Asociación Española de la Economía Digital

AER – Association of European Radios

AFNUM – Alliance Française des Industries du Numérique


ANISP – Asociatia Nationala a Providerilor de Internet din Romania

APDSI – Associação para a Promoção e Desenvolvimento da Sociedade da Informação

APPLiA – Home Appliance Europe

ASIC – Association des Services Internet Communautaires


BSA | The Software Alliance

BVDW – Bundesverband Digitale Wirtschaft

CCIA – Computer and Communications Industry Association

CLEPA – European Association of Automotive Suppliers

COCIR – European Coordination Committee of the Radiological, Electromedical and Healthcare IT Industry

Confederation of Industry of the Czech Republic

Dansk Erhverv – Danish Chamber of Commerce

Dansk Industri – Confederation of Danish Industry

Developers Alliance


DINL – Stichting Digitale Infrastructuur Nederland

EACB – European Association of Co-operative Banks

EBF – European Banking Federation

eco – Association of the Internet Industry

Ecommerce Europe

ECTA – European Competitive Telecommunications Association


EGBA – European Gaming and Betting Association

EMMA – European Magazine Media Association

EMOTA – European eCommerce and Omni-Channel Trade Association

ENPA – European Newspaper Publishers’ Association

EPC – European Publishers Council



European Tech Alliance

FEDMA – Federation of European Direct and Interactive Marketing

GESTE – Les éditeurs de contenus et services en ligne

IAB Europe


ISFE – Interactive Software Federation of Europe

ISPA – Internet Service Providers Austria

ITI – Information Technology Industry Council

IT&Telekomföretagen – Swedish IT and Telecom Industries

JBCE – Japan Business Council in Europe

Latvijas Interneta Asociācija

Nederland ICT

News Media Europe

SAPIE – Slovak Alliance for Innovation Economy

SEPE – Federation of Hellenic Information Technology & Communications Enterprises

Syntec Numérique

TECH IN France

Technology Industries of Finland

Technology Ireland


ZIPSEE – Digital Poland

ZPP – Polish Union of Entrepreneurs and Employers

 Fuente: Information Technology Industry Council