The RGPD and the possible conflict with ePrivacy that will occur

The RGPD and the possible conflict with ePrivacy that will occur

In February of this year, the Council of the European Union agreed on the final text of the ePrivacy Regulation; a step towards the emergence of what could be a new law that has been awaited by the Member States for 3 years (it was expected to enter into force together with the General Data Protection Regulation in 2018).

What is the ePrivacy Regulation?

The ePrivacy Regulation is a proposal that aims to strengthen privacy in citizens’ communications that take place through electronic media and/or publicly available networks, in such a way as to generate greater trust among citizens in the use of this type of digital media.

The objective of increasing citizens’ trust is addressed by the European Union by means of a submission to this ePrivacy regulation by, among others, companies dedicated, for example, to providing software for communications or content viewing to Internet users.

In this sense, one of the main elements on which this new regulation is based is that cookies will allow the user the possibility of regulating consent by means of a deeper personalization of their privacy in the settings or configuration panel of the same.

The application of the ePrivacy Regulation is also intended for the communication that takes place between devices, this is due to the increasing use of this type of technologies. The devices act in such a way that they transmit information such as GPS location or model, which allows the user who carries it or the movements he/she makes to be identified, so the protection and security of these data flows is particularly relevant.

End-to-end encryption must be guaranteed in electronic communications made by both users and companies, with the prohibition of establishing backdoors (i.e., the prohibition of establishing mechanisms introduced by service providers that allow governments access to certain data) in these media.

In other words, this regulation is aimed at individual users, companies and certain types of guarantees that must also be safeguarded by governments.

Interferences between ePrivacy and RGPD

Currently, the regulation of privacy and the functioning of cookies in browsers is based on the application of the GDPR and the ePrivacy Directive of 2002, better known in Spain as Law 34/2002 of July 11, 2002 on information society services and electronic commerce (“Ley de Servicios de la Sociedad de la Información y el Comercio Electrónico or LSSI”).

What will happen with the current ePrivacy Directive? The directive currently in force is from 2002 and is going to be replaced by this e-Privacy Regulation, which implies a necessary transposition of the new Regulation into Spanish law through the amendment of the LSSI.

Notwithstanding the above, it should be taken into account that when the ePrivacy Regulation comes into force, the provisions of the GDPR must continue to be complied with, since ePrivacy specifies the content of the GDPR; although it should be taken into account that ePrivacy is a law of special rank. Therefore, in case of conflict or doubt, the provisions of ePrivacy will be applicable as opposed to the provisions of the GDPR (with the rank of general law).

This difference can be observed, precisely, by the content of both regulations (GDPR and ePrivacy).

In other words, the GDPR is a document whose content is of a more general nature, since it deals with data protection and privacy issues in all their aspects, whereas the content of ePrivacy will focus on regulating, specifically, Internet communications in detail.

Main criticisms of ePrivacy

The main criticisms of the ePrivacy Regulation concern the work to be carried out by users, as opposed to the current functioning of cookies, which are composed of a first layer of information where the user specifies who is responsible for the website, the purpose of the processing, the data to be collected, etc. And, the possibility to accept or reject them.

However, with the implementation of ePrivacy the user’s browsing experience may be affected by an excess of information and authorizations for each data exchange that will occur.