On September 29, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth published a paper on the Draft ePrivacy Regulation (“ePR”), in the context of the Trilogue Discussions between the EU Commission, EU Council and EU Parliament (the “Paper”).

The ePR is intended to update the existing ePrivacy Directive (Directive 2002/58/EC on privacy and electronic communications).

This paper reiterates CIPL’s longstanding position that the ePR:

  • needs to be flexible enough to enable innovation, while ensuring effective protection of individuals;
  • be consistent with the GDPR and in particular align with the GDPR’s legal bases for processing;
  • rely on an accountability and risk-based model;
  • only fill the gaps of the GDPR in relation to electronic communication data;
  • enable the development of privacy-enhancing and privacy-preserving technologies that need to leverage on-device data; and
  • designate data protection authorities as sole regulators to avoid enforcement overlap and enable harmonization through the one-stop-shop mechanism.

CIPL also highlights its preferred positions on the co-legislators’ drafts and identifies some additional concerns.