Draft EU ePrivacy Regulation Leaked

A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the Politico.eu (PDF) website this week.

The proposal is for a much stricter regime, requiring prior consent for cookies and any kind of online tracking techniques.  Fines for failure to comply may reach as high as 4% of a company’s global revenues.

The proposed new instrument will be a directly applicable Regulation, and is intended to harmonise communications privacy rules with the wider GDPR.  Unlike the GDPR there will be only a 6 month lead in period from the law being passed, which will not give much time for business to react.

The revised rules are particularly aimed at what the legislators call the ‘surreptitious monitoring’ of online behaviour, and will have a big impact on third party cookies and tracking that enables often invisible companies to build up profiles of web users internet activity.

There are some changes that will be welcomed by website owners, most notably that web analytics will be exempt from the requirement for consent. 

A lot of emphasis is placed on encouraging web browsers to take more active role in mediating consent to avoid the need for overly intrusive pop-ups, but this will rely on some significant changes to the way most browsers currently work – so it remains to be seen whether they will be willing and able to take on such responsibilities.  What is very likely however is that the Do Not Track setting in browsers will take on more significance than it has to date.

As with the GDPR, the new ePrivacy Regulation will have significant extra territorial effects, and will require websites around the world to respect the rights of EU based visitors.