Waiting for the ePrivacy Regulation (ePVO)

Waiting for the ePrivacy Regulation (ePVO)

The ePrivacy Regulation still does not exist, although it was supposed to be applied already in May 2018. Operators of online stores and other online services suffer from legal uncertainty, despite the new Telecommunications Telemedia Data Protection Act (TTDSG). The question is how best to navigate to be data protection compliant.

Waiting for the ePrivacy Regulation (ePVO)

The discussion on Telemedia data protection has been going on for years and concerns all operators and users of “electronic information and communication services unless they are telecommunications services consisting entirely of the transmission of signals over telecommunications networks, telecommunications-based services or broadcasting.” Accordingly, examples of telemedia include web stores, search engines, webmail services, web portals, and blogs.

These examples show that most companies are telemedia operators, they do not even need an online store, a website is enough, and who does not have an Internet presence by now.

The diversity and proliferation of telemedia and their extensive use explain why the discussion on data protection in telemedia is so important, for operators and users alike. The reasons for the long-running discussion on data privacy quickly become clear when one looks at what legal requirements exist or do not yet exist in this regard.

In particular, there is the Telemedia Act (TMG), the EU’s ePrivacy Directive, the EU’s General Data Protection Regulation, and, since the beginning of December 2021, the Telecommunications Telemedia Data Protection Act (TTDSG), but still no ePrivacy Regulation.

READ:  What is A Security Policy?

The significance of the TTDSG has already been covered. Generally speaking, it can be said that the TTDSG is intended to harmonize provisions from the GDPR, the Telecommunications Act (TKG), and the Telemedia Act (TMG) and to merge data protection regulations in order to gain more legal clarity. Is there actually still a need for the ePrivacy Regulation? Or has everything now been clarified when the TTDSG is applied?

The goals of the ePrivacy Regulation

The European legislator has decided to replace the ePrivacy Directive with an ePrivacy Regulation, according to the Federal Data Protection Commissioner. After the German legislator still had to implement the European requirements from the E-Privacy Directive in the Telecommunications Act (TKG) and the Telemedia Act (TMG), a regulation applies directly in the member states.

The aim of the regulation is to bring the rules on electronic communications closer to the General Data Protection Regulation (GDPR) without going beyond the provisions of the GDPR, as the Federal Data Protection Commissioner explains.

The TTDSG, on the other hand, is a German law designed to fix one problem, among others. The German TMG and the applicable European e-privacy directive make different specifications. The result of this uncertainty is a flood of cookie banners that annoy users. The Federal Data Protection Commissioner, for example, has been pointing out this grievance for years.

“Complaints against cookies on websites now take the top spots in the case statistics of many supervisory authorities,” Michael Will, President of the Bavarian State Office for Data Protection Supervision, also reports. “This reflects the high sensitivity of users to technologies and business practices that are often hardly transparent, but also shows that many responsible parties repeatedly try to exploit supposed leeway or even ignore limits.”

READ:  What is a Managed Security Service (MSS)?

The president of the Bavarian State Office for Data Protection Supervision also refers to the new TTDSG and the audits of the supervisory authorities on the use of cookies: “Also against the background of the clarification of the fundamental need for consent for cookies, which will come into force on December 1, 2021, with the Telecommunications and Telemedia Data Protection Act, the joint audit (of the supervisory authorities) is a wake-up call for all responsible parties to check the use and processing processes of their websites and adapt them if necessary.”

If the ePrivacy Regulation comes into force, the German legislator will have to take another look at the TTDSG, because the TTDSG reflects the requirements of the ePrivacy Directive, which will then be replaced by the ePrivacy Regulation.

The regulatory areas of an e-privacy regulation and a TTDSG will largely coincide. However, the German Federal Ministry of Economics and Technology has already stated that the TTDSG will probably have to be adapted to the ePrivacy Regulation, which is currently still being negotiated at the European level, at a later date.

What the ePVO should and can do

The EU Commission explains the significance of the ePVO: With the General Data Protection Regulation, personal data is protected. The ePrivacy Regulation protects the confidentiality of all electronic communications, including the terminal equipment used. The general provisions of the General Data Protection Regulation apply to communications containing personal data unless the ePrivacy Regulation provides more specific rules.

READ:  What Is Vishing?

The European Data Protection Board clarifies: the ePrivacy Regulation should under no circumstances lower the level of protection provided by the current ePrivacy Directive, but should complement the General Data Protection Regulation (GDPR) with additional, strong safeguards for the confidentiality and protection of all types of electronic communications. Under no circumstances can the ePrivacy Regulation be used to de facto amend the GDPR.

Do not shelve ePrivacy

Even with the TTDSG, companies in Germany should not lose sight of the upcoming ePrivacy Regulation. This is also evident, for example, from the fact that the topic of cookies is high on the agenda at the EU level.

The European Data Protection Committee has now set up a Cookie Banner Task Force. This is intended to promote cooperation, the exchange of information, and best practices between the supervisory authorities in the EU member states. So the goal here is also an EU-wide harmonized approach around the use of cookies and cookie banners. The benchmark for this will be the corresponding EU regulation and not German law. So the ePVO will be needed and decisive. The German TTDSG is a good step towards data protection in telemedia, for example, but certainly not the last.