On January 10, 2017, the EU Commission proposed a new Regulation on Privacy and Electronic Communications, following the publication of its leaked draft in December, 2016. The recent adoption of the General Data Protection Regulation (“GDPR”) created a need for updated E-Privacy rules.
The proposed e-Privacy Regulation includes significant changes to the current e-Privacy Directive 2002/58/EC. Among other things, the draft introduces new rules in relation to traffic and location data and marketing communications, modifies the “cookie” rule, and aligns fines for breach of the proposed Regulation with the GDPR, bringing the fine up to 4% of annual worldwide turnover for certain breaches.
If implemented, the new Regulation would also require regulators to cooperate on enforcement actions where breaches have a cross-border impact.
The proposed legislation must now be reviewed by the European Parliament and the Council. The EU Commission intends the new Regulation to come into force on May 25, 2018, the same day as the GDPR takes effect. Like the GDPR, the e-Privacy Regulation will apply across all member states.