The advertising industry has sharply criticized the proposal of the European Commission for the ePrivacy Regulation which is meant to improve online data protection. What do you think about the legislative proposal?
Christoph Bauer: The proposed text for the ePrivacy Regulation is a specification of the General Data Protection Regulation (GDPR), but which goes in a different direction than expected from the GDPR. So far, legislation pursued the objective to enable existing business models of the industry further on. This has changed significantly, as an opt-in by the user is required for third party cookies and other tracking technologies, what has not been the case before. Furthermore, the implementation period will not be two years, but the ePrivacy Regulation shall come into force together with the GDPR in May 2018. As it is so far only a proposal, the implementation period will probably be very short. In total, the procedure oft the Commission is very unusual and thus astonished the impacted industry. Some people as IAB Germany vice president Thomas Duhr are afraid that the internet as we know it today will not exist any more.
The measures impacting the cookies is part of a longer list of legislative proposals for the improvement of data protection in electronic communication. The European Commission presented it as a possibility to simplify the settings of acceptance or denial of cookies that access data on the user's computer or that track the user's online behavior. Which consequences could this text have if it will be accepted unmodified?
If the regulation comes into force unmodified, big shifts are to be expected in the online advertising and technology business, because this regulation actually favors the big players as Facebook and Google that already have got an opt-in. But the consequences for all other players of the online marketing industry would be devastating. That cannot be the interest of the Commission.
The European Commission wants to "guarantee the privacy of online behavior and of the users' devices" and to transfer the control to the user. In your opinion, how can that fundamental principle and the need to finance content with advertising be brought together? In other words, what amendments could be proposed for this law?
CB: It could be an idea to permit anonymous tracking, as neither the GDPR affects anonymous data. Thus, if someone tracks a user without knowing his personal data as name, address, email address, ip address etc, tracking by cookies and other trackers might be allowed. Because the person behind anonymous data cannot be identified by the one who gets the anonymous data.
Besides, there are tracking methods that do not leave traces on the users' devices (as cookie text files in browsers do), but that track the device anyway. Insofar it can happen that third party cookies will be forbidden, but that other technologies will take their place, that actually have got the same effects but are not forbidden. Given that, the legislator would have missed the target.
On 10th of January, the European Commission has published the official proposal for the ePrivacy Regulation, expected to come into forth with the General Data Protection Regulation in May 2018. Associations and players of the online marketing sector have already strongly criticized the proposal, as it would have serious consequences on the internet industry and on the information society.
What exactly will the ePrivacy Regulation change, if the proposal will be accepted unmodified? Dr. Frank Eickmeier and Prof. Dr. Christoph Bauer have summarized the main changes for you. Please find the detailed statement here.
Open seminar about the challenges of the EU General Data Protection Regulation (GDPR) from 11 am until 3 pm: What are the most important changes due to the new EU legislation? How can data-driven business models be prepared for 2018?
Große Bleichen 21
ePrivacy Extends the Inspections Scope of the ePrivacyseal to the New GDPR and Publishes Free GDPR App
ePrivacy GmbH has integrated the new General Data Protection Regulation, published in May 2016 and operative in May 2018, into the criteria catalogue of the ePrivacyseal. Furthermore, the free app “ePrivacy GDPR” brings the law text on smartphones.
Please find the complete press release here.
Many patients use medical apps on their smartphone or tablet. To use these applications, it is necessary to provide sensitive data – data protection and data security thus play a particularly important role. ePrivacy tested around 140 medical apps between August and November 2015 and found out, that many of them exhibit substantial defects.