The General Data Protection Regulation (“GDPR”) will enter into force 25 May 2018, and will provide new general data protection standards. In its draft ePrivacy Regulation of 10 January 2017 (“ePrivacy Regulation”), which includes specific provisions for electronic communications, the European Commission sought to ensure that both sets of rules will enter into force at the same time.
Current legislative status of the ePrivacy Regulation
The European Council published its first revisions to the ePrivacy Regulation (read more on our blog here) on 8 September 2017, and European Data Protection Supervisor Giovanni Buttarelli issued recommendations on specific aspects of the ePrivacy Regulation on 5 October 2017 (read more on our blog here). The European Parliament adopted a report, including its draft resolution on the ePrivacy Regulation (“Report”), on 23 October 2017. Adhering to the requirements for processing personal data under the ePrivacy Regulation, the Report does not allow further data processing for compatible purposes or on the basis of legitimate interest. On 5 December 2017, the European Council released a consolidated version of the ePrivacy Regulation (“Consolidated Version”) which summarizes the work done so far in the European Council as a basis for its future work. The Consolidated Version also outlines that further internal discussions will be necessary, i.e., on Art. 6, 7, 9 ePrivacy Regulation as well as on further grounds for processing.