Tuesday 11th December 2018

ePrivacy Proposal

This text is a draft proposal published by the European Council on 4th May, 2018

Chapter 1 (Articles 1 - 4)

General provisions

Chapter 2 (Articles 5 - 11)

Protection of electronic communications of end-users and of the integrity of their terminal equipment

Chapter 3 (Articles 12 - 17)

End-users' rights to control electronic communications

Chapter 4 (Articles 18 - 20)

Independent supervisory authorities and enforcement

Chapter 5 (Articles 21 - 24)

Remedies, liability and penalties

Chapter 6 (Articles 25 - 26)

Delegated Acts and Implementing Acts

Chapter 7 (Articles 27 - 29)

Final provisions

Recitals (1-42)

Select an Article

Select a Recital

Recital 8

Scope

(8) This Regulation should apply to providers of electronic communications services, to providers of publicly available directories, and to providers of software permitting electronic communications, including the retrieval and presentation of information on the internet. This Regulation should also apply to natural and legal persons who use electronic communications services to send direct marketing commercial communications or make use of processing and storage capabilities of terminal equipment or collect information related to processed by or emitted by or stored in end-users’ terminal equipment. Furthermore, this Regulation should apply regardless of whether the processing of electronic communications data or personal data of end-users who are in the Union takes place in the Union or not, or of whether the service provider or person processing such data is established or located in the Union or not. Some end-users, for example payment service providers and payment systems, process as recipients their electronic communications data for different purposes or permit other parties to process their data on their behalf. Such processing may include the processing by a information society provider, or another party on its behalf, for purposes such as ensuring network and information security, including the prevention, monitoring and termination of fraud, unauthorised access and Distributed Denial of Service attacks, or facilitating efficient delivery of website content. Such processing is not covered by this Regulation.

(8a) This Regulation does not apply to the electronic communications data of deceased persons. Member States may provide for rules regarding the processing of electronic communications data of deceased persons.