European regulatory authorities have always been active in restructuring privacy guidelines. Personal data has become one of the major source of revenue for many companies and to keep it from being misused, to preserve the integrity of every citizen in the European union (‘EU’), the Council of EU has released an ePrivacy proposal on July 6, 2020. The ePrivacy proposal has been set out for discussions under the Regulation on Privacy and Electronic Communications. The proposal is set out for discussions to ascertain and relook at the rules for processing electronic communications and for processing end user’s terminal equipment information as set out in Article 6(b), Article 6(c) and Article 8 of the General Data Protection Regulation (‘GDPR’). The need to relook into these regulations and resolving any outstanding issues as the Council of EU prescribes, is to:

  1. ensure privacy in electronic communications in accordance with the EU Charter of Fundamental Rights; and
  2. to ensure that in this digital age, there is fair competition with regards to start-ups and small enterprises within the EU when compared with large market players outside the EU.

Article 6(b) of the GDPR specifies the lawfulness of data processing of the data subject. The ePrivacy proposal proposes to amend the wordings of Article 6(1)(d) to include in the latest compromise text 6543/20, concerning the respect for private life and the protection of personal data in electronic communications, which repealed Directive 2002/58/EC (Regulation on Privacy and Electronic Communications). This is done protect the ‘vital interests’ of data subjects. The Presidency has asked for public comments for insertion of a new recital which shall be termed as follows: “it is necessary in order to protect the vital interests of the end-user or of another natural person

In this sense, the working group has proposed make it lawful to process the meta data for electronic communications when it is in the vital interest of the end-user or of another natural person. This has been considered in the light of Covid-19. The reasoning as provided by the working group is to include processing of meta data which helps in monitoring epidemics and their spread or processing meta data during humanitarian emergencies. Further, the working group has also proposed the insertions towards Article 6 to the latest compromise text 6543/20 which permit the processing of electronic communications metadata on the basis of legitimate interests subject to specific conditions and safeguards. In this regard, the working group has proposed that the meta data processing shall be considered to be lawful when:

  1. it is be deemed necessary for the purpose of statistical counting, provided that the location of the data subject is pseudonymised and such location is not used for profiling the end user; and
  2. it is necessary for statistical counting for scientific purposes, however all necessary encryptions and pseudonymisation shall be followed.

Moreover, the Presidency has also asked for recommendations to Article 8 as set out in latest compromise text 6543/20 and has provided for 2 (two) options. Option 1 and Option 2 suggest to ensure the privacy of terminal devices and any software which is installed by the data subject. Terminal equipment in this regard shall be a device a cookie is placed on, such as wearable technologies, smart TVs and other connected devices.

It is interesting to see that the EU Presidency has taken this step to amend the ePrivacy regulations in the light of Covid 19. The suggestions and options as provided by the working group shall help in ensuring privacy in wearable technologies and other apps and devices which are being used by the health-tech sector. This is very necessary as it shall have a greater impact in the post-Covid world.

Leave a comment