Monday 10th December 2018

ePrivacy Proposal

This text is a draft proposal published by the European Council on 4th May, 2018

Chapter 1 (Articles 1 - 4)

General provisions

Chapter 2 (Articles 5 - 11)

Protection of electronic communications of end-users and of the integrity of their terminal equipment

Chapter 3 (Articles 12 - 17)

End-users' rights to control electronic communications

Chapter 4 (Articles 18 - 20)

Independent supervisory authorities and enforcement

Chapter 5 (Articles 21 - 24)

Remedies, liability and penalties

Chapter 6 (Articles 25 - 26)

Delegated Acts and Implementing Acts

Chapter 7 (Articles 27 - 29)

Final provisions

Recitals (1-42)

Select an Article

Select a Recital

Recital 19

Processing data in transit

(19) The protection of the content of electronic communications pertains to the essence of the fundamental right to respect for private and family life, home and communications protected under Article 7 of the Charter. Any interference with the content of electronic communications should be allowed only under very clear defined conditions, for specific purposes and be subject to adequate safeguards against abuse. This Regulation provides for the possibility of providers of electronic communications services to process electronic communications data in transit, with the informed consent of all the end-users concerned. For example, providers may offer services that entail the scanning of emails to remove certain pre-defined material. Given the sensitivity of the content of communications, this Regulation sets forth a presumption that the processing of such content data will result in high risks to the rights and freedoms of natural persons. When processing such type of data, the provider of the electronic communications service should always consult the supervisory authority prior to the processing. Such consultation should be in accordance with Article 36 (2) and (3) of Regulation (EU) 2016/679. The presumption does not encompass the processing of content data to provide a service requested by the end-user where the end-user has consented to such processing and it is carried out for the purposes and duration strictly necessary and proportionate for such service. After electronic communications content has been sent by the end-user and received by the intended end-user or end-users, it may be recorded or stored by the end-user, end-users or by a third party entrusted by them to record or store such data. Any processing of such data must comply with Regulation (EU) 2016/679.

(19a) Services that facilitate end-users everyday life such as index functionality, personal assistant, translation services and services that enable more inclusion for persons with disabilities such as text-to-speech services are emerging. Therefore, processing electronic communications content for services explicitly requested by the end-user for their own individual use, consent should only be requested from the end-user requesting the service taking into account that the processing must be limited to that purpose, limited to the duration necessary for providing the requested services and shall not adversely affect fundamental rights and interest of another end-user concerned.

(19b) Providers of electronic communications services may, for example, obtain the consent of the end-user for the processing of electronic communications data, at the time of the conclusion of the contract, and any moment in time thereafter. In some cases, the legal entity having subscribed to the electronic communications service may allow a natural person, such as an employee, to make use of the service. In such case, consent needs to be obtained from the individual concerned.