ePrivacy: GDPR addition to personal data protection


The European Parliament has approved a proposal of European Regulation of ePrivacy, which directly stipulates rights and imposes obligations of EU member states' citizens. It aims to complete the General Data Protection Regulation (GDPR) in the area of IT and telecommunications. The ePrivacy ought to protect our metadata (the information on our location, the type and length of our communication etc.) better, to help to identify and to make marketing calls more transparent via e.g. identification by means of a specific marketing dialing code, and to introduce more comprehensive rules for the so-called cookies.

The approval is an important step towards the implementation of the regulation, and it is to be discussed in what is called a “trialogue” - a discussion among the European Commission, the Council of the European Union consisting of EU members states governments representatives and the European Parliament. As planned, it should become effective in May 2018, along with the GDPR; at this moment, however, it is unclear whether such a short term may be met. Despite all that, though, we support the recommendation of the Czech Office for Personal Data Protection that all administrators and processors of personal data should take the ePrivacy Regulation rules relevant for e.g. businesses making use of e-mail or telephone marketing messages into consideration while making preparations for the GDPR implementation. Should the rules not be met, fines of up to EUR 20m (or 4% of the company's turnover, should the amount be higher) may be imposed.