Fundamental rights and data protection organisations from several European  countries demand effective protection against tracking and data retention.

The ePrivacy regulation aims to protect the privacy of electronic communications. But telecoms and big tech lobby groups are trying to sabotage it while the Council of the European Union is delaying its adoption and putting forward proposals that would weaken the regulation and render it ineffective. 9 organisations from several European countries are calling for a strong ePrivacy Regulation. The protection of the privacy of all Internet users is more important than the wish of private enterprises to exploit the value of our data.

No tracking without consent. No tracking walls.
In recital 20 of the current working draft, the Council of the European Union has replaced an "and" with an "or" and by this seemingly small changes, reversed important safeguards. Instead of consent and transparent information, highly invasive tracking will be possible with consent or transparent information. This implies that users may be coerced to decide if they want to subject themselves to commercial surveillance or not to access the service. Under these circumstances, the ePrivacy Regulation would end up lowering standards agreed under the GDPR. This change must be reversed – in the recital and in corresponding articles as well.

The EU Parliament had provided for a ban on tracking walls in Art. 8 paragraph 2 a. The Council of the European Union did not add a similar paragraph. Tracking walls only allow access to a page if the user gives consent to a large number of his data being processed. Under these circumstances, consent will be forced and meaningless. Therefore, we request the prohibition of tracking walls.

Privacy by Default
Article 10 should provide that all internet users' right to privacy is protected by design and by default. The European Parliament proposal is in line with the GDPR and supported by data protection authorites. Instead the Council of the EU is proposing to delete Article 10 in its entirety, giving in to pressure from the advertising industry. If Article 10 is deleted those who will be affected first and foremost are vulnerable groups of citizens: elderly people, children and people without much awareness on how their information is being hoovered. We may not even have browsers with settings that allow us to effectively shut out third parties. We demand a strong Article 10 that provides privacy by design and by default.

No private data retention 
The current Directive allows the processing of metadata only for strictly limited purposes. The EU Council now wants to weaken these provisions. Instead of improving the protection of our communications data, the Council wants to give telecommunications providers more opportunities to surveil us. 
When and where we communicate with whom is nobody's business! Although telecommunications providers will only be allowed to store this data pseudonymously, this does not effectively protect users. Pseudonyms can be traced back and associated with a person. The pseudonymous data collection may still be used to trace individuals and lay bare the most intimate details of their life. We demand the deletion of Article 6 (2a)! The changes in Article 6 (2) have to be withdrawn.

Protect our data when it is stored
The EU-Council text clarifies that the protection only applies in transit. The European Parliament's draft envisaged our data to be protected also when it is stored. And this is very important. Lots of services like messengers and data exchange platforms are based on central servers. Thus, it must be clearly defined what the company that owns this server is allowed to do with our messages. We do not want companies scanning our messages after we have received them. Stored data must be protected as well as data in transit.

These demands are supported by the following organisations:

1. Digitalcourage e.V. (Germany) 
   
2. Netzwerk Datenschutzexpertise (Germany)
3. Digitale Gesellschaft e.V. (Germany)
   
4. Vrijschrift (the Netherlands)
5. Privacy International (international)
6. ApTI (Romania)
7. Datenschutzraum e.V. (Germany)
8. Initiative für Netzfreiheit (Austria)
9. Arbeitskreis Vorratsdatenspeicherung (Germany)