Monday 10th December 2018

ePrivacy Proposal

This text is a draft proposal published by the European Council on 4th May, 2018

Chapter 1 (Articles 1 - 4)

General provisions

Chapter 2 (Articles 5 - 11)

Protection of electronic communications of end-users and of the integrity of their terminal equipment

Chapter 3 (Articles 12 - 17)

End-users' rights to control electronic communications

Chapter 4 (Articles 18 - 20)

Independent supervisory authorities and enforcement

Chapter 5 (Articles 21 - 24)

Remedies, liability and penalties

Chapter 6 (Articles 25 - 26)

Delegated Acts and Implementing Acts

Chapter 7 (Articles 27 - 29)

Final provisions

Recitals (1-42)

Select an Article

Select a Recital

Recital 25

Statistical counting services

(25) Accessing electronic communications networks requires the regular emission of certain data packets in order to discover or maintain a connection with the network or other devices on the network. Furthermore, devices must have a unique address assigned in order to be identifiable on that network. Wireless and cellular telephone standards similarly involve the emission of active signals containing unique identifiers such as a MAC address, the IMEI (International Mobile Station Equipment Identity), the IMSI, the WiFi signal etc. A single wireless base station (i.e. a transmitter and receiver), such as a wireless access point, has a specific range within which such information may be captured. Service providers have emerged who offer physical movements’ tracking services based on the scanning of equipment related information with diverse functionalities, including people counting, such as providing data on the number of people waiting in line, ascertaining the number of people in a specific area, etc referred to as statistical counting for which the consent of endusers is not needed, provided that such counting is limited in time and space to the extent necessary for this purpose. Providers should also apply appropriate technical and organisations measures to ensure the level if security appropriate to the risks, including pseudonymisation of the data and making it anonymous or erase it as soon it is not longer needed for this purpose. Providers engaged in such practices should display prominent notices located on the edge of the area of coverage informing endusers prior to entering the defined area that the technology is in operation within a given perimeter, the purpose of the tracking, the person responsible for it and the existence of any measure the end-user of the terminal equipment can take to minimize or stop the collection. Additional information should be provided where personal data are collected pursuant to Article 13 of Regulation (EU) 2016/679. This information may be used for more intrusive purposes, which should not be considered statistical counting, such as to send commercial messages to end-users, for example when they enter stores, with personalized offers locations, subject to the conditions laid down in this Regulation,¬†as well as the tracking of individuals over time, including repeated visits to specified locations.