Der Europäische Datenschutzbeauftragte (EDPS) hat heute (25. Juli 2016) seine vorläufige Stellungnahme zur Überprüfung der E‑Privacy Richtlinie 2002/58/EG (Opinion 5/2016) veröffentlicht. Hierin betont der EDPS, dass der Geltungsbereich der neuen E‑Privacy Bestimmungen ausgedehnt werden müsse, sodass sich deren Anwendung nicht auf die elektronische Kommunikation mittels traditioneller Telekommunikations- und Internetdienstanbieter beschränke.
The scope of the new legal framework must be extended. This is to take account of technological and societal changes and to ensure that individuals be afforded the same level of protection for all functionally equivalent services, irrespective whether they are provided, for example, by traditional telephone companies, by Voice over IP services or via mobile phone messaging apps. Indeed, there is a need to go even further and protect not only ‘functionally equivalent’ services, but also those services that offer new opportunities for communication. The new rules should also unambiguously continue to cover machine-to-machine communications in the context of the Internet of Things, irrespective of the type of network or communication service used. The new rules should also ensure that the confidentiality of users’ communications will be protected on all publicly accessible networks, including Wi-Fi services in hotels, coffee shops, shops, airports and networks offered by hospitals to patients, universities to students, and hotspots created by public administrations.
Consent should be genuine, offering a freely given choice to users, as required under the GDPR. There should be no more ‘cookie walls’. Beyond a clear set of exceptions (such as first party analytics), no communications should be subject to tracking and monitoring without freely given consent, whether by cookies, device-fingerprinting, or other technological means. Users must also have user-friendly and effective mechanisms to provide and revoke their consent within the browser (or other software or operating system).
Ferner betonte der EDPS, dass die neuen E‑Privacy Bestimmungen die Schutznormen der Datenschutzgrundverordnung ergänzen und – wo notwendig – spezifizieren sollen.