The Fate Of EU Legislation Designed To Bolster Data Protection Beyond The GDPR, The ePrivacy Regulation, Hangs In The Balance
from the lobbying?-what-lobbying? dept
Whatever your views on the EU’s General Data Protection Regulation (GDPR), there is no denying the impact it has had on privacy around the world. Where the GDPR deals with personal data stored “at rest”, the proposed ePrivacy Regulation deals with with personal data “in motion” — that is, how it is gathered and flows across networks. As Techdirt discussed two years ago, the pushback from Internet companies and the advertising industry against increased consumer protection in this area has been unprecedented. Some details were provided at the time in a report from the Corporate Europe Observatory. Unfortunately, that massive lobbying has paid off. Good ideas in the draft text produced by the European Parliament, like banning encryption backdoors or “cookie walls”, have been dropped, as has the right of Internet users to refuse to accept tracking cookies. In the most recent version of the text (pdf) put together under the Austrian Presidency of the Council of the European Union (one of the three EU institutions that has to agree on the final law), there’s even a new bad idea:
In some cases the use of processing and storage capabilities of terminal equipment and the collection of information from end-users’ terminal equipment may also be necessary for providing an information society service, requested by the end-user, such as services provided to safeguard freedom of expression and information including for journalistic purposes, such as online newspaper or other press publications…that is wholly or mainly financed by advertising provided that, in addition, the end-user has been provided with clear, precise and user-friendly information about the purposes of cookies or similar techniques and has accepted such use
This section would give the news publishing industry a special right, enshrined in the ePrivacy Regulation, to use tracking cookies to support advertising, even though the original impetus behind the new law was to stop precisely this kind of obligatory commercial surveillance. Following its lobbyists’ success in obtaining a special link tax included in the awful EU Copyright Directive, this latest legal privilege is further testament to the power of the publishing industry in the EU.
Judging by the most recent draft text, the ePrivacy Regulation has been almost completely gutted of any strong protections for Internet users. And yet it seems even what little remains is too much for some EU member states, as a story on Euractiv reports:
The European Commission will present a revised ePrivacy proposal as part of the forthcoming Croatian Presidency of the EU, Internal Market Commissioner Thierry Breton announced on Tuesday (3 December), after previous talks failed to produce an agreement among member states.
The revamped measures will be made in a bid to find consensus between EU countries on the ePrivacy regulation which would see tech companies offering messaging and email services subjected to the same privacy rules as telecommunications providers.
Although the new Internal Market Commissioner Breton is quoted as saying: “You can count on me to find consensus between each of us”, others are not so sure. Some now believe that the entire ePrivacy Regulation will be dropped as being too hard to fix. That would be an incredible waste of years of work, a missed opportunity — and a huge victory for the lobbyists.
Follow me @glynmoody on Twitter, Diaspora, or Mastodon.
Filed Under: eprivacy regulation, eu, lobbying, privacy
Comments on “The Fate Of EU Legislation Designed To Bolster Data Protection Beyond The GDPR, The ePrivacy Regulation, Hangs In The Balance”
I thought the government was supposed to represent the people who voted for it. I’m sorry, I didn’t realise there were so many dumb cunts in the world!
Re: Re:
They do, right after they confuse issues enough so that a largely uninformed electorate doesn’t really understand the implications of policies beyond the pablum being fed to them by politicians who have different constituents to placate.
"like banning encryption backdoors or "cookie walls", have been dropped, as has the right of Internet users to refuse to accept tracking cookies. "
How do they intend to force one to accept tracking cookies?
Re: Re:
A site can simply refuse to function without the cookie(s) being present. So far sites have not been allowed to do this.
Re: Re:
While all major browsers have ‘Do not track" modes which serve to prevent long term tracking by cleaning up cookie files left behind, few if any proactively block tracking while on a website. And other trackers like verizon’s "super cookies" and facebook’s tracker dot are completely unaffected by such moves.
The issue is that a cookie, in the end is a file. And web browsing is entirely about requesting files without being able to KNOW what those files are before you get them. That’s why a lot of web safety is focused on preventing the running of arbitrary code and autoplay Flash and javascript widgets are security risks (on top of being annoying). Incognito modes delete leftover files, including tracking cookies. But preventing the file from existing in the first place is not actually a function of incognito mode, and websites are not required to adhere to a do not track flag.
Re: Re: Re:
Agreed.
It is not clear how they will remove the "right of Internet users to refuse to accept tracking cookies". Perhaps they do not really mean they are removing a right.
I know this is a bit off topic to the subject but has the GDPR actually had that much of an impact yet? I know companies have had to make policy adjustments and some are being heavily hit with data requests, which is causing it’s own set of problems. However does that really count as an impact with the intent behind the GDPR?
If I look around at my presence on the web, which admittedly I use no social media unless you count say Youtube comments or Reddit posts, I don’t see any impact that GDPR has caused and I’m wondering do I live in a sort of bubble or has GDPR really not done that much?
Re: Re:
Where do you live?
new ePrivacy - is cookie consent still needed?
I did not understand… Will I need to use on my site cookie consent?
Currently I use free cookie consent (https://2gdpr.com/cookieconsent)
Can I remove this banner?
new ePrivacy - is cookie consent still needed?
I did not understand… Will I need to use on my site cookie consent?
Currently I use free cookie consent (https://2gdpr.com/cookieconsent)
Can I remove this banner?