Articles Tagged with: Privacy
The new e-Privacy Regulation

by Michalis Fieros

Introduction

Over the past few years, the online environment has been evolving with tremendous speed. Internet users are at the epicentre of a continuous development and evolution. Apart from computers, all sorts of ‘smart’ devices which form part of our daily lives such as smart phones, TV sets and watches perform their various operations through their connection to the internet. Information which includes technical information, personal data and may also indicate personal preferences, is collected from such ‘smart’ devices, and shared with third parties for various purposes in processing operations which lack transparency.

The Current EU Regulatory Framework

Apart from the General Data Protection Regulation (GDPR), the protection of privacy in the sphere of electronic communications is currently regulated by the Privacy and Electronic Communications Directive (PECD) (also known as the ‘‘Cookie Directive’’), a Directive which entered into force in 2002.

 The new e-Privacy Regulation 

The EU’s initial aim was to enact the GDPR along with the new e-Privacy Regulation, which would repeal the PECD and reinforce trust and security within the EU digital market. Unfortunately, unlike the GDPR, the new e-Privacy Regulation is not yet finalized; however, indicative draft proposals are available.

The European Commission approved a first draft of the e-Privacy Regulation in January 2017, and this draft is still under discussion. Despite not having a final text yet, the numerous drafts contain important elements which give us some indications of the direction that the upcoming regulatory framework is taking.

Territorial Scope

The territorial scope of the latest draft mirrors the respective provisions of the GDPR. Under the latest draft (January 2021), the territorial scope of the e-Privacy Regulation is extended to entities located outside the European Union when dealing with end-users located within the EU.

Scope of Regulation

According to the latest draft, the e-Privacy Regulation applies to:

  • processing of electronic communications content and electronic communications metadata during the provision of electronic communications services;
  • the end-user’s terminal equipment information;
  • direct marketing communications to end-users;
  • provision of publicly accessible directories of users of electronic communications.

Consent

Under the available drafts, the elements of a valid consent under the GDPR are retained (informed, specific and freely given); however, a provision is included which allows for such a consent to be expressed via “appropriate technical settings”.

Apart from consent, under the latest draft the collection of information from an end-user’s terminal equipment is permissible where it is necessary:

  • for carrying out the transmission of an electronic communication over an electronic communications network;
  • for providing a service specifically requested by the end-user;
  • for web audience measurement;
  • for purposes of software updates, security, fraud prevention, the detection of technical faults as well as the location of technical equipment in cases of emergency .

Remedies and Administrative Fines

As in the case of the territorial scope, the latest draft of the upcoming e-Privacy Regulation mirrors the penalty regime of the GDPR. Organizations violating the e-Privacy Regulation may be handed down administrative fines of up to €20 million or 4% of their annual global turnover.

Persons who suffer “material or non-material damage” due to infringements of the e-Privacy Regulation will have the right to receive compensation from the infringer.

Lastly, natural or legal persons other than end-users adversely affected by violations of the e-Privacy Regulation shall have the right to bring legal proceedings in respect of such infringements.

Conclusion

We look forward to the finalised version of the text, so as to be able to advise clients on compliance.

NOTE: The information contained in this article is provided for informational purposes only, and should not be construed as legal advice on any subject matter. You should not act on the basis of any content included in this article without seeking legal advice.

Presentation to IDEA

On 5 March 2020, George Taoushanis gave a presentation to the participants of the new (5th) IDEA cycle. In light of the coronavirus, the presentation was given via electronic means. Stay healthy and keep innovating! #startups #innovate

Online Management of Personal Data

On 7 February 2020, Achilleas Demetriades was a keynote speaker at an event on the “Online Management of Personal Data” organised by the Office of the Commissioner for Personal Data in collaboration with the Press and Information Office (PIO) and the Cyprus Online Publishers Association (COPA). The presentation can be accessed here. Photo reproduced with the PIO’s kind permission.

IP and Data Protection presentation in Nicosia

On 12 December 2019, Achilleas Demetriades, Nicoletta Epaminonda and Michalis Fieros gave a presentation on IP and Data Protection to the Press and Information Office. All photographs are sourced from the website of the Press Information Office and can be accessed here.

IP and Data Protection presentation in Limassol

On 11 December 2019, Achilleas Demetriades, Nicoletta Epaminonda and Michalis Fieros gave a presentation on IP and Data Protection in relation to photographs. The event was co-organised by the Cyprus University of Technology and the Association of Photographers. All photographs are sourced from the Facebook page of the Association of Photographers and are reproduced with permission.

 

Digital Agenda CY

On 15/16 October 2019, Michalis Fieros and George Taoushanis of our office attended this year’s Digital Agenda CY, one of the biggest tech conferences in the Mediterranean.

BoC Hackathon #fintech 3.0

Don’t miss this amazing opportunity! IDEA Innovation Center and Bank of Cyprus are holding for 3rd year the BoC Hackathon #fintech 3.0, a 48-hour marathon that aims to support entrepreneurship and innovation.

Have you already applied? All participants will have the opportunity to win cash prizes: 1st €6000, 2nd €4000 & 3rd €2000 and remarkable networking opportunities. Winning teams may also be inducted into IDEAcy! Register here: http://bochackathon.com/