On February 21, 2020, the Presidency of the Council of the European Union (“EU Council Presidency”) published a revised part of the proposed Regulation concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications and Repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), better known as “the Draft ePrivacy Regulation.”
The most significant revision proposed by the EU Council Presidency is that it introduces the possibility to rely on the “legitimate interest” ground to (1) process electronic communications’ metadata, and (2) place cookies or similar technologies on end-users’ terminals, subject to specific conditions and safeguards, namely:
- conducting a data protection impact assessment and, where appropriate, consulting the relevant supervisory authority;
- implementing appropriate security measures;
- providing information to end-users about the data processing activities taking place;
- providing end-users with the right to object to such data processing; and
The EU Council Presidency’s revisions will be discussed at the next WP Tele meetings on March 5 and March 12, 2020. The EU Council Presidency also indicated that it is currently reflecting on additional revisions and intends to issue an additional document to be discussed during these meetings.