May 2018 deadline for EU e-Privacy Regulation may be unrealistic



The EU Council’s Maltese Presidency’s progress report on the EU Commission’s proposal for an e-Privacy Regulation reveals that while Member States are still preparing their national positions, some delegations are already asking for greater flexibility. Some Member States’ delegations think that the proposal should follow the General Data Protection Regulation (GDPR) more closely, and for example, make it possible to base certain processing on legitimate interest grounds. They also think that the level of detail required for a Regulation may be too difficult to achieve by May 2018.

According to the proposal, telecoms companies could face fines of up to 4% of global turnover or €20 million, which equates to the levels in the GDPR. In an interview with PL&B this week, the European Data Protection Supervisor, Giovanni Buttarelli, said that in case of a breach involving several aspects, some of which would fall under the GDPR and others under e-Privacy, a company could be fined under both regimes.

The June issue of PL&B International Report will include an interview with Giovanni Buttarelli about his views on the e-Privacy proposal.

The EU Commission aims to have the e-Privacy Regulation adopted by May 2018 when the GDPR enters into force. A vote at the European Parliament’s Civil Liberties, Justice and Home Affairs (LIBE) Committee is tentatively scheduled for October 2017, and Ms Marju Lauristin, an Estonian MEP (Group of the Progressive Alliance of Socialists and Democrats) has been appointed as the Rapporteur for the European Parliament.