ePrivacy: uusi versio lakiehdotuksesta

EU:n tämänhetkinen puheenjohtajamaa Portugali on esitellyt ehdotuksensa muutoksiksi ePrivacy-lainsäädäntöön.

Ehdotuksessa tarkennetaan ePrivacyn ja GDPR:n keskinäistä suhdetta sekä otetaan kantaa mm. selainten yksityisyysasetuksiin, käyttäjien paikkatietoihin, kävijämittaukseen ja anonymisoidun datan käsittelyyn.

Ehdotuksen odotetaan etenevän Euroopan neuvostosta parlamentin ja komission käsittelyyn ehkä jo helmikuun jälkeen.

Alla keskeisiä muutosehdotuksia. Katso koko ehdotus täällä.

– – –
– Recitals (non-binding) 20 and 21 (mainly on cookies) have been subdivided. Main changes include:

  • The objective to avoid that online content providers need to provide simultaneously “free” content (without payment) and paid content websites [“cookie walls”]
  • An end-user’s consent directly given to a service always prevails over software settings [no default ad blocking]

– Article 4 (3) (j) defines “location data” as “data processed by means of an electronic communications network or service, indicating the geographic position of the terminal equipment of a user of a publicly available electronic communications service.”

– Article 6b (1) (b) on permitted processing of electronic communications metadata, now aligns with GDPR Art. 6 (1) (b) “performance of a contract”, as legal basis, e.g. for the wording has been reorganized to clearly identify the processing metadata legal basis, for detecting/stopping fraudulent or abusive use of electronic communications service.

– Article 6b (2) (a), (b) and (c) concerning third parties sharing anonymised statistical metadata now align with the GDPR and clarify that this is not personal data.

– Article 6c on compatible processing of electronic communications metadata has been reinstated and allows “further processing” as per GDPR Art. 6(4) – which is good news for business. However, it is opposed by privacy-friendly Member States like Germany.

– It goes together with reinstated Art. 8 (1) (g1), which clarifies that third party sharing of anonymised data is no longer consider personal data, but must comply with additional safety ‘duties’, such as carrying out DPIAS.

– Article 8 (1) (c) on the protection of end-users’ terminal equipment information [placing a cookie], has seen a slight amendment

– Article 8 (1) (d) now allows audience measurement to all service providers (it had priorly excluded, e.g. “other” broadcasters, like radio),

– Article 10, on options for privacy settings, remains deleted. It would have meant that browser setting had to be “privacy by default”, practically blocking all ads.

Lähde: EACA

Kommentoi

Sähköpostiosoitettasi ei julkaista. Pakolliset kentät on merkitty *