Sunday, November 03 2019
In the 2016 sees the light, after several years of work, the final version of the new regulation for the protection of personal data, the GDPR, which comes into force since May 25. One of the most important innovations that it brings with it, in addition to an innovative content in different aspects, is the fact of being a regulation rather than a directive. This has the advantage of not having to be implemented in the various countries because it prevails over internal legislation but the disadvantage of requiring long preparation times to harmonize the needs of different countries.
Well a provision of such importance could not fail to take into account the ePrivacy directive, with which the GDPR must necessarily be harmonized.
In fact the directive is mentioned several times:
As can be seen from the previous points, and as often happens with regard to other topics, the regulation does not give precise explanations on how to understand the relationship between the GDPR itself and the ePrivacy directive, delegating this task to further explanations and in-depth analyzes.
In the meantime, following what was suggested by the recital 173, the European parliament is working to create an update of the ePrivacy directive and also in this case, new, it is oriented towards a regulation rather than recreating a directive. In this regard, the 10 January 2017 is presented by the Commission a “Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL concerning respect for private life and the protection of personal data in electronic communications and repealing the 2002 / 58 / CE directive (regulation on private life and electronic communications) ".
The diligence with which this draft is presented, with respect to the entry into force of the GDPR, and the points of the draft mentioned below:
they suggest a quick re-proposal of the new regulation, such that it can enter into force on the same date as the GDPR becomes fully operational, the 25 May 2018.
Unfortunately this does not happen and, more than a year after the hypothesized entry into force, there is no trace of the new regulation or the release of new drafts. It is assumed that, due to the structure of the regulation itself, which does not allow for local adjustments, and the need for a correct balance in appropriately balancing the rights of data subjects with the interests of important market players including OTTs, the path of this regulation is undergoing a profound slowdown and probably also a profound change from the January 2017 proposal.
It is probably due to this delay, the disappointment that follows, the lack of clarity that electronic communication operators have following the entry into force of the GDPR, that the EDPB publishes an in-depth document on the interpretation of the relationship between the ePrivacy directive and the GDPR: Opinion 5 / 2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks and powers of data protection authorities - Adopted on 12 March 2019.
In the next publications we will deepen our knowledge of the draft of the new regulation and of the Opinion 5 / 2019 of the EDPB.