The ePrivacy regulation aims to protect the privacy of electronic
communications. But telecoms and big tech lobby groups are trying to
sabotage it while the Council of the European Union is delaying its
adoption and putting forward proposals that would weaken the regulation
and render it ineffective. 9 organisations from several European
countries are calling for a strong ePrivacy Regulation. The protection
of the privacy of all Internet users is more important than the wish of
private enterprises to exploit the value of our data.
No tracking without consent. No tracking walls.
recital 20 of the current working draft, the Council of the European
Union has replaced an "and" with an "or" and by this seemingly small
changes, reversed important safeguards. Instead of consent and transparent information, highly invasive tracking will be possible with consent or
transparent information. This implies that users may be coerced to
decide if they want to subject themselves to commercial surveillance or
not to access the service. Under these circumstances, the ePrivacy
Regulation would end up lowering standards agreed under the GDPR. This
change must be reversed – in the recital and in corresponding articles
The EU Parliament had provided for a ban on tracking
walls in Art. 8 paragraph 2 a. The Council of the European Union did not
add a similar paragraph. Tracking walls only allow access to a page if
the user gives consent to a large number of his data being processed.
Under these circumstances, consent will be forced and meaningless.
Therefore, we request the prohibition of tracking walls.
Privacy by Default
10 should provide that all internet users' right to privacy is
protected by design and by default. The European Parliament proposal is
in line with the GDPR and supported by data protection authorites.
Instead the Council of the EU is proposing to delete Article 10 in its
entirety, giving in to pressure from the advertising industry. If
Article 10 is deleted those who will be affected first and foremost are
vulnerable groups of citizens: elderly people, children and people
without much awareness on how their information is being hoovered. We
may not even have browsers with settings that allow us to effectively
shut out third parties. We demand a strong Article 10 that provides
privacy by design and by default.
No private data retention
current Directive allows the processing of metadata only for strictly
limited purposes. The EU Council now wants to weaken these provisions.
Instead of improving the protection of our communications data, the
Council wants to give telecommunications providers more opportunities to
When and where we communicate with whom is nobody's
business! Although telecommunications providers will only be allowed to
store this data pseudonymously, this does not effectively protect users.
Pseudonyms can be traced back and associated with a person. The
pseudonymous data collection may still be used to trace individuals and
lay bare the most intimate details of their life. We demand the deletion
of Article 6 (2a)! The changes in Article 6 (2) have to be withdrawn.
Protect our data when it is stored
EU-Council text clarifies that the protection only applies in transit.
The European Parliament's draft envisaged our data to be protected also
when it is stored. And this is very important. Lots of services like
messengers and data exchange platforms are based on central servers.
Thus, it must be clearly defined what the company that owns this server
is allowed to do with our messages. We do not want companies scanning
our messages after we have received them. Stored data must be protected
as well as data in transit.
These demands are supported by the following organisations:
- Digitalcourage e.V. (Germany)
- Netzwerk Datenschutzexpertise (Germany)
- Digitale Gesellschaft e.V. (Germany)
- Vrijschrift (the Netherlands)
- Privacy International (international)
- ApTI (Romania)
- Datenschutzraum e.V. (Germany)
- Initiative für Netzfreiheit (Austria)
- Arbeitskreis Vorratsdatenspeicherung (Germany)