Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
E-Privacy Regulation, the green light to negotiations, European Council.

E-Privacy Regulation, the green light to negotiations, European Council.

After four years of negotiations, yesterday the European Member States have agreed on a negotiating mandate for the revision of privacy protection and e-communications services confidentiality regulations. 

Updating rules on “ePrivacy” will define cases in which services providers can process data of e-communication or have the access to stored data on disposals of final users. The agreement of yesterday permits the current Portugues President to start meetings with the European Parliament on the final text. 

As we can notice into the official statement of the European Council, “solid rules on privacy are fundamental in order to create and maintain the confidentiality in a digital world” and for this reason is necessary an update of the current ePrivacy Directive of 2002 in order to meet the new technological and market developments, as in the current and widespread use of Voice over IP, services of emails and messages based on web and the emerge of new techniques for the control of online users. 

The ePrivacy proposal will repeal the current directive of 2002. Because lex specialis of the General Data Protection Regulation, will explain and integrate the GDPR. For example, in contrast with the GDPR, many disposals about ePrivacy will be applied to both natural persons and legal ones. 

Based on the terms of the Council, the Regulation will cover all the contents of e-communications shared by using services and networks which are accessible by the public and metadata about communications. For example, metadata includes information on the position, the hour and the recipient of the communication, and for this reason are considered sensitive as the same content of the communications. 

In order to guarantee the full protection of privacy rights and in order to promote an Internet of Things safe and sure, rules will also concern data from a machine to a machine shared with a public network. 

Rules will be applied when final users are into the European Union. This will cover also cases in which the processing happens out of the European Union or the services provider is established or located out of the European Union. 

Normally, e-communication data shall remain private. Any interference, including listening, the control and the personal data processing by anyone who is not a final user, will be prohibited, except cases in which ePrivacy regulation will permit it. 

Permissible processing of electronic communications data without the user’s consent includes, for example, ensuring the integrity of communications services, checking for malware or viruses, or cases where the service provider is bound by EU or Member State law to prosecute crimes or prevent threats to public safety. Metadata may be processed, for example, for billing purposes or to detect or block fraudulent use.

With the user’s consent, service providers could, for example, use metadata to display traffic movements to help public authorities and transport operators develop new infrastructure where it is most needed.

Metadata could also be processed to protect users’ vital interests, including monitoring epidemics and their spread or in case of humanitarian emergencies, in particular natural and man-made disasters. In some cases, providers of electronic communications networks and services will be able to process metadata for a purpose other than that for which it was collected, even when this is not based on the user’s consent or on certain provisions on legislative measures under EU or Member State law.

In addition, the end user should be given the opportunity to choose whether to accept cookies or similar identifiers. Making access to a website on the basis of consent on cookies for additional purposes an alternative to a paywall will be allowed if the user is able to choose between this offer and an equivalent offer from the same provider which does not involve consent to cookies.

To avoid cookie consent fatigue, an end user will be able to provide consent to the use of certain types of cookies by whitelisting one or more providers in the browser settings. Software providers will be encouraged to make it easy for users to set and edit whitelists on their browsers and revoke consent at any time. The regulation will enter into force 20 days after its publication in the Official Journal of the EU and will start to apply two years later.

ST_6087_2021_INIT_en

SOURCE: FEDERPRIVACY

Recommended to you

Advanced Research