The long-running e-Privacy Regulation saga continues. On 18 September 2019, the Council of the European Union (the Council) released proposed amendments to the draft regulation. We take a look at some of the proposals.


The draft e-Privacy Regulation will replace the current Directive 2002/58/EC to “reinforce trust and security in the Digital Single Market”. It was meant to be introduced concurrently with GDPR in May 2018. However, it has been subject to many delays, debates and inter-EU institutional wrangling. The Council (under its current Finnish presidency) has now proposed additional changes to the existing draft.

The most eye-catching changes are new obligations regarding processing of electronic communications data to detect, delete and report child pornography.Continue Reading The e-Privacy Regulation saga rumbles on

In a judgment dated 15 December 2015, case no VI ZR 134/15, (“Judgment”) the German Federal Supreme Court (“FSC”; Bundesgerichtshof – BGH) confirmed that an electronic mailbox held by a consumer shall be covered by the so-called private sphere of a natural person as part of its general right of privacy. Consequently, the FSC concluded that automatic reply emails by a company to a consumer, which contain not only a confirmation of receipt of an earlier email sent by the consumer but also additional adverts, shall qualify as violation of the natural person’s general right of privacy, provided that the relevant consumer has expressly refused to receive advertisings.

Facts of the Judgment

The plaintiff, a consumer, sent a notice termination to the defendant, an insurance company. The defendant sent an automatic reply to plaintiff, confirming receipt of plaintiff’s email and announcing a detailed response to follow by separate email. In the signature of defendant’s email, advertising statements in relation to certain weather services were displayed. The plaintiff responded to defendant’s email, demanding that defendant stop sending such advertising statements. Notwithstanding, defendant’s email system again sent an automated response, containing the same adverts. Finally, respondent filed an injunction in order to prohibit defendant to send the aforementioned (or similar) electronic adverts without plaintiff’s express consent.
Continue Reading German Federal Supreme Court prohibits unsolicited advertising in signatures of automated B2C email replies confirming receipt of a consumer’s email

From 16 May, those making (or instigating) direct marketing telephone calls must provide Caller Line Identification (‘CLI’) when making calls live or through automated means. The display of their telephone numbers to consumers has the effect of making it easier for consumers to refuse and/or report unwanted marketing calls.

The Privacy and Electronic Communications (EC

At the end of March, the Information Commissioner’s Office (ICO) issued updated guidance on the law in relation to Direct Marketing. The ICO notes in its accompanying blog post that the law applies “equally to any and all organisations who are engaging in direct marketing activity via electronic means, regardless of their sector.”

The updated guidance gives new focus to:

  • The collection of third-party (indirect) consent, which it indicates will only be validly obtained in limited circumstances
  • How to ensure that consent is freely given, and how this interacts with either incentivising individuals to give consent, or making access to a service conditional on giving consent

Continue Reading Information Commissioner’s Office issues updated guidance on Direct Marketing

As 2015 draws to a close, the UK’s Data Protection Regulator, the Information Commissioner’s Office (‘ICO’), is making sure it ends the year with a bang. The past few months have seen a significant increase in enforcement action, a theme which seems to be common for the regulator at this time of year because of the rise in shopping and promotional activities.

A key area of focus for the ICO has been to crack down on nuisance calls and inappropriate data-sharing practices through ‘Operation HIDA’.
Continue Reading The UK’s data protection regulator cracks the enforcement whip

Reactiv Media has found itself facing a 50% increase in the fine it was attempting to overturn after an appeal to the First-Tier Information Rights Tribunal. The UK Information Rights Tribunal hears appeals against decisions of the Information Commissioner’s Office actions relating to data protection, privacy electronic communications, freedom of information and environmental information.

UK data protection authority, the Information Commissioner’s Office (ICO), has published new guidance, an accompanying checklist, and an at-a-glance guide to help organisations understand the rules governing direct marketing under the Data Protection Act 1988 (DPA), and the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (PECR).

The ICO guidance attempts to clarify direct

Since March of this year, the Information Commissioner’s Office (ICO) has been asking members of the public to report any calls or texts they have received from unknown senders by using an online survey. The survey information has allowed the ICO to focus its investigations on organisations responsible for making unsolicited communications. The ICO received