The Fate Of EU Legislation Designed To Bolster Data Protection Beyond The GDPR, The ePrivacy Regulation, Hangs In The Balance
from the lobbying?-what-lobbying? dept
Whatever your views on the EU's General Data Protection Regulation (GDPR), there is no denying the impact it has had on privacy around the world. Where the GDPR deals with personal data stored "at rest", the proposed ePrivacy Regulation deals with with personal data "in motion" -- that is, how it is gathered and flows across networks. As Techdirt discussed two years ago, the pushback from Internet companies and the advertising industry against increased consumer protection in this area has been unprecedented. Some details were provided at the time in a report from the Corporate Europe Observatory. Unfortunately, that massive lobbying has paid off. Good ideas in the draft text produced by the European Parliament, like banning encryption backdoors or "cookie walls", have been dropped, as has the right of Internet users to refuse to accept tracking cookies. In the most recent version of the text (pdf) put together under the Austrian Presidency of the Council of the European Union (one of the three EU institutions that has to agree on the final law), there's even a new bad idea:
In some cases the use of processing and storage capabilities of terminal equipment and the collection of information from end-users' terminal equipment may also be necessary for providing an information society service, requested by the end-user, such as services provided to safeguard freedom of expression and information including for journalistic purposes, such as online newspaper or other press publications...that is wholly or mainly financed by advertising provided that, in addition, the end-user has been provided with clear, precise and user-friendly information about the purposes of cookies or similar techniques and has accepted such use
This section would give the news publishing industry a special right, enshrined in the ePrivacy Regulation, to use tracking cookies to support advertising, even though the original impetus behind the new law was to stop precisely this kind of obligatory commercial surveillance. Following its lobbyists' success in obtaining a special link tax included in the awful EU Copyright Directive, this latest legal privilege is further testament to the power of the publishing industry in the EU.
Judging by the most recent draft text, the ePrivacy Regulation has been almost completely gutted of any strong protections for Internet users. And yet it seems even what little remains is too much for some EU member states, as a story on Euractiv reports:
The European Commission will present a revised ePrivacy proposal as part of the forthcoming Croatian Presidency of the EU, Internal Market Commissioner Thierry Breton announced on Tuesday (3 December), after previous talks failed to produce an agreement among member states.
The revamped measures will be made in a bid to find consensus between EU countries on the ePrivacy regulation which would see tech companies offering messaging and email services subjected to the same privacy rules as telecommunications providers.
Although the new Internal Market Commissioner Breton is quoted as saying: "You can count on me to find consensus between each of us", others are not so sure. Some now believe that the entire ePrivacy Regulation will be dropped as being too hard to fix. That would be an incredible waste of years of work, a missed opportunity -- and a huge victory for the lobbyists.
Follow me @glynmoody on Twitter, Diaspora, or Mastodon.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: eprivacy regulation, eu, lobbying, privacy
Reader Comments
Subscribe: RSS
View by: Time | Thread
I thought the government was supposed to represent the people who voted for it. I'm sorry, I didn't realise there were so many dumb cunts in the world!
[ link to this | view in thread ]
"like banning encryption backdoors or "cookie walls", have been dropped, as has the right of Internet users to refuse to accept tracking cookies. "
How do they intend to force one to accept tracking cookies?
[ link to this | view in thread ]
Re:
A site can simply refuse to function without the cookie(s) being present. So far sites have not been allowed to do this.
[ link to this | view in thread ]
Re:
They do, right after they confuse issues enough so that a largely uninformed electorate doesn't really understand the implications of policies beyond the pablum being fed to them by politicians who have different constituents to placate.
[ link to this | view in thread ]
Re:
While all major browsers have 'Do not track" modes which serve to prevent long term tracking by cleaning up cookie files left behind, few if any proactively block tracking while on a website. And other trackers like verizon's "super cookies" and facebook's tracker dot are completely unaffected by such moves.
The issue is that a cookie, in the end is a file. And web browsing is entirely about requesting files without being able to KNOW what those files are before you get them. That's why a lot of web safety is focused on preventing the running of arbitrary code and autoplay Flash and javascript widgets are security risks (on top of being annoying). Incognito modes delete leftover files, including tracking cookies. But preventing the file from existing in the first place is not actually a function of incognito mode, and websites are not required to adhere to a do not track flag.
[ link to this | view in thread ]
I know this is a bit off topic to the subject but has the GDPR actually had that much of an impact yet? I know companies have had to make policy adjustments and some are being heavily hit with data requests, which is causing it's own set of problems. However does that really count as an impact with the intent behind the GDPR?
If I look around at my presence on the web, which admittedly I use no social media unless you count say Youtube comments or Reddit posts, I don't see any impact that GDPR has caused and I'm wondering do I live in a sort of bubble or has GDPR really not done that much?
[ link to this | view in thread ]
Re: Re:
Agreed.
It is not clear how they will remove the "right of Internet users to refuse to accept tracking cookies". Perhaps they do not really mean they are removing a right.
[ link to this | view in thread ]
Re:
Where do you live?
[ link to this | view in thread ]
new ePrivacy - is cookie consent still needed?
[ link to this | view in thread ]