Tuesday 11th December 2018

ePrivacy Proposal

This text is a draft proposal published by the European Council on 4th May, 2018

Chapter 1 (Articles 1 - 4)

General provisions

Chapter 2 (Articles 5 - 11)

Protection of electronic communications of end-users and of the integrity of their terminal equipment

Chapter 3 (Articles 12 - 17)

End-users' rights to control electronic communications

Chapter 4 (Articles 18 - 20)

Independent supervisory authorities and enforcement

Chapter 5 (Articles 21 - 24)

Remedies, liability and penalties

Chapter 6 (Articles 25 - 26)

Delegated Acts and Implementing Acts

Chapter 7 (Articles 27 - 29)

Final provisions

Recitals (1-42)

Select an Article

Select a Recital

Recital 20

Interference with end-users’ terminal equipment

(20) Terminal equipment of end-users of electronic communications networks and any information relating to the usage of such terminal equipment, whether in particular is processed by or emitted by or stored in such equipment, requested from or processed in order to enable it to connect to another device and or network equipment, are part of the private sphere, including the privacy of one’s communications, of the end-users requiring protection under the Charter of Fundamental Rights of the European Union. Given that such equipment contains or processes information that may reveal details of an individual’s emotional, political, social complexities, including the content of communications, pictures, the location of individuals by accessing the device’s GPS capabilities, contact lists, and other information already stored in the device, the information related to such equipment requires enhanced privacy protection. Furthermore, the so-called spyware, web bugs, hidden identifiers, tracking cookies and other similar unwanted tracking tools can enter end-user’s terminal equipment without their knowledge in order to gain access to information, to store hidden information and to trace the activities. Information related to the end-user’s device may also be collected remotely for the purpose of identification and tracking, using techniques such as the so-called
‘device fingerprinting’, often without the knowledge of the end-user, and may seriously intrude upon the privacy of these end-users. Techniques that surreptitiously monitor the actions of end-users, for example by tracking their activities online or the location of their terminal equipment, or subvert the operation of the end-users’ terminal equipment pose a serious threat to the privacy of end-users. Therefore, any such interference with the end-user’s terminal equipment should be allowed only with the end-user’s consent and for specific and transparent purposes. The end-user’s consent to storage of a cookie or similar identifier may also entail consent for the subsequent readings of the cookie in the context of a revisit to the same website domain initially visited by the end-user. Access to specific
website content may still be made conditional on the consent to the storage of a cookie or similar identifier. Not all cookies are needed in relation to the purpose of the provision of the website service. Some are used to provide for additional benefits of the website operator. In some cases, making access to website content conditional to consent to the use of such cookies may be considered to be disproportionate. This is for example the case for websites providing certain services, such as those provided by public authorities, where the user could be seen as having few or no other options but to use the service, and thus having no real choice as to the usage of cookies.