ePrivacy Regulation: European Parliament says yes to Lauristin report

The EP draft of the new EU ePrivacy Regulation can move to the next stage after two consecutive votes in favor of what has become known as the Lauristin report, as the rapporteur, who is responsible for the report (including the amendments of the draft) which was put to vote is MEP Marju Lauristin (more below).

People have the right to be informed about how information left by them is used. The right to not be monitored is vital from the perspective of democracy (Marju Lauristin)

After hardly a week of even more intensive lobbying and political disagreements to put it mildly, since the LIBE Committee voted for the report on October 19th as you can read in our updated ePrivacy Regulation page, the European Parliament now has also voted in favor of the Lauristin report in plenary session on October 26th, 2017.

Many people still seem pretty unaware about the EU ePrivacy Regulation (as opposed to the EU GDPR to which the ePrivacy Regulation is lex specialis and where awareness FINALLY really starts growing, among a large majority of businesses that wasn’t too much aware at all and really isn’t as we wrote in our piece on GDPR and cloud and at many occasions before). More on what all that means and what the ePrivacy Regulation is about on our ePrivacy Regulation overview page. Also read about the impact of the regulation and the GDPR on IoT (Internet of Things).

EU ePrivacy - Lauristin report votes European Parliament

The ePrivacy Regulation and Lauristin report – what the votes in favor mean

The new EU ePrivacy Regulation on the respect for private life and the protection of personal data in electronic communications, in short the ePrivacy Regulation, replaces the previous directive, Directive 2002/58/EC. And as you can see read on our overview page it stretches far.

After over a year of intensive lobbying and literally hundreds of requests for amendments, ample meetings with all sorts of industry groups and heavy reactions by, among others, telecommunications, media, online advertising and Internet companies and/or the associations representing them, the Justice Committee (LIBE Committee) voted in favor of the amended text which is part of the Lauristin report with a close majority on October 19th, 2017.

Marju Lauristin - Wikipedia Ave Maria Mõistlik - CC BY-SA 3.0
Marju Lauristin – Wikipedia Ave Maria MõistlikCC BY-SA 3.0

The rapporteur and author of the report as it was approved  that day is Estonian Marju Lauristin who was also involved in the GDPR. Before and after the vote in the LIBE Committee a bunch of associations sent out more mails and put out more reports on why the EU ePrivacy Regulation would have dramatic impacts and, according to some, even kill the Internet. Lobbying had been mainly targeted to member of European Parliament (MEPs) as that is the institution that matters here (the Council comes next..

However, it was all in vain. The next step in the ePrivacy Regulation after the LIBE Committee , a.k.a. Justice Committee of the European Parliament (EP) was a vote by the EP in plenary session. And that is exactly what happened on October 26th, 2017. With 318 MEPs voting for and 280 against (20 abstentions) the European Parliament voted in favor of the Lauristin report.

The next stages of the ePrivacy Regulation after the Lauristin report approvals

For Estonian MEP Marju Lauristin the work is done (she also leaves the EP now). The next step in the process towards the new EU Privacy Regulation in the EU’s procedures is the Council of the European Union that needs to take a stand and discuss with member states (the Council is the institution representing national ministers). 

Officially the vote means that the decision to enter the negotiations within the context of the EC and the member states with the approved amended text has been voted for.

This also means that all lobbying will now shift away from targeting European Parliament to the member states as, although the vote was the second victory in a row for pro-privacy groups and for Marju Lauristin and other MEPs who have looked at all the arguments made and saw through them as the votes with regards to the Lauristing report prove, the narrow margins, political resistance from center-right groups and next steps still are important factors and of course the Council and Parliament need to reach an agreement when all work is done.

The Report represents a missed opportunity to make the ePrivacy framework fit for modern e-commerce (Margreet Lommerts, Secretary General ad interim of Ecommerce Europe)

The whole ePrivacy Regulation debate is a highly polarized and political one with tremendous lobbying and interests. Some groups, on both sides so to speak, even post the names of the MEPs who voted for and those who voted against. That’s how sensitive the debate is. And it surely doesn’t really help to start sharing personal data approximately 7 months before the GDPR becomes enforceable but that’s another story.

As the quote at the top of this article indicates, Marju Lauristin clearly chose for privacy and not the lobbying. However, others are obviously not sharing her vision as the quote from a reaction to the Lauristin report by Margreet Lommers of Ecommerce Europe shows (it’s one of a whole lot) and the reactions by several associations and people in the online business on Twitter are clearly emphasizing after the EP plenary vote. In other words: to be continued as the regulation is not ‘home’ yet.

So, now to the member states. Nothing is certain except the fact that the strict rules regarding, among others a ban on cookie walls, rules regarding the usage of over-the-top services such as Skype and WhatsApp, the IoT (Internet of Things) and privacy, the right to not being tracked and need for consent, the promotion of end-to-end encryption and privacy by design and no backdoors whatsoever, as the Lauristin report made clear, stands as it is for now.

Oh, and in case you wonder: the ePrivacy Regulation will require us to change a lot too and will effectively impact the revenues of our small company. We started preparing with the help of our membership of the IAPP and a cookie consent center but that’s far from enough.

Next in regulations and compliance: EU DORA Digital Operational Resilience Act

Top image: Shutterstock – Copyright: enzozo – all other images are property of their mentioned owners. Although the content of this article is thoroughly checked we are not liable for potential mistakes and advice you to seek assistance in preparing for the ePrivacy Regulation as soon as it is final.