E-privacy regulation: eu council peak wants to allow broader data access

E-PRIVACY Regulation: EU Council Peak wants to allow broader data access

Racingly fast, Portugal, which was chaired at the beginning of the year from Germany, has chaired the EU Council of Ministers, a new draft for the four years of severely controversial e-privacy regulation sent to the other Member States. The goal should be, "to simplify the text" and continue to adapt to the Data Protection Basic Regulation (DSGVO).

What is first convincing, turns out to look for a gift to the data processing economy. Originally intention of the EU Commission was to make the latte high with the regulation in data protection in the sensitive field of electronic communication with its numerous applications of Messenger services and the lathe to control language assistants. If the additional rules are now largely aligned with the DSGVO, they actually confer.

Determination under conditions

as "important change" If the Portuguese Government refers to the text published published by the Burger Rights Organization StaTewatch, that companies and resistances can be used to use metadata such as connection information for other purposes as the originally intended and permitted by the user. The most important requirement for this is that the processing "compatible" is intention to be released. This is also intended for intervention in "Terminal equipment" How to browser, for example, by setting cookies and reading out associated user information.

In the new Article 6C and the Corporation Reason 17AA and the enlarged Article 8 and associated allocations, the Portuguese do this misappropriation on some conditions. "Possibly" Should services providers contact the supervisory heritage, implement a privacy policy assessment and personal information pseudonymise as well as suspension. In addition, the requirement is to anonymize the result of an analysis before further information is passed on to third parties.

Differing from the purpose of purposes of impacted data also not used, "to determine the type or characteristics of an end user or a profile" to create him. So the Council’s tip wants to prevent individual behavior overhearted or randomly can be pulled on the private life. Location data are exempt. Otherwise, the person concerned remains only one contradictionality (opt-out). This hurden is not too high for data collectors.

The Portuguese approaches the paper of the Finnish Council Prosident of 2019 in the core in the core. Although you leave the approach in Germany, according to which a data processing of a flat-rate "legitimate interest" should no longer be allowed. Companies can previously appoint this clause in order to operate direct advertising, to prevent fraud and to ensure the safety of an IT system. Already the federal government had introduced it as a substitute individual permission status, the Portugal now expanded.

Cookies or subscription

Who makes free message content available on his homepage and finances itself via banners, should combine access to this with the application of cookies without the consent of users. If you do not want to spy on advertising purposes, if necessary, a chargeable subscription. This passage is appealed to the prerequisite that the user can in principle between different news services elections.

The restriction that cookies in such a case "through the same provider" have to be set, the new prasidant has painted. This is "too restrictive" and place one "Burden" For content providers like the online press. Cookies could also be a legitimate and usable means of employing the effectiveness of a service for example in the design of web pages and advertising or to measure the number of visitors, it is called in the design. Statistical evaluations should be managed in general liberal.

A surprising tracking goods so admitted. from "Unwissed business communication" is not the speech anymore. The possibilities for linguistically preferred direct marketing Portugal also wants to expand with the help of automated systems such as bots.


Another incorused example of the commercial use of metadata is the provision of so-called heatmaps. Suppliers should use data using special graphic agents to visualize the presence of persons in special places. In order to represent traffic movements during a certain period of time, personal identifiers were allowed to display the positions of individuals at certain time intervals.

One consent should not be required if storage capacities are used by final devices to resolve security and to record appropriate software updates. The user must have been informed about this practice before. The updates can not uplieve the functionality of the hardware or software or the privacy settings. Connection data were also used to protect vital interests, such as in humanitarian emergencies or in epidemics.

Stock data retention

If available and technically feasible, a user can grant the paper after software settings to a specific provider to set cookies for one or more specific purposes. Also creating a "green list" should be so possible. Article 10 for "Do not track"-Standard who could hardly enforce itself in practice remains deleted. The EU Parliament had stewed this in its opinion.

The clause for a possible national stock data retention have painted the Portuguese as well as those for the lightning electronic communication in the fight against representations sexual child abuse. The EU legislators are already working in parallel on separate approaches. Generally, the processing of data should be admitted, "To comply with legal requirements".

In order to maintain the confidentiality of electronic communication, the operators should apply security measures. The prohibition of intercepting content wants to allow the prasid to receive a message by the intended addressee, ie during the "End-to-end exchange". On the other hand, the Council is looking for solutions with which security authorizations can access plain text with continuous closing.

The rules should also apply for communication between machines, for example, on the Internet of things, as long as they are not alone in closed networks, for example, in factories. The message exchange is purely within behavior remains in front of. It should be fully applicable to the regulation that does not necessarily have to be implemented in national law after twelve months. So far, two years of transitional period was provided.