Der Euro­päi­sche Daten­schutz­be­auf­trag­te (EDPS) hat heu­te (25. Juli 2016) sei­ne vor­läu­fi­ge Stel­lung­nah­me zur Über­prü­fung der E‑Privacy Richt­li­nie 2002/58/EG (Opi­ni­on 5/2016) ver­öf­fent­licht. Hier­in betont der EDPS, dass der Gel­tungs­be­reich der neu­en E‑Privacy Bestim­mun­gen aus­ge­dehnt wer­den müs­se, sodass sich deren Anwen­dung nicht auf die elek­tro­ni­sche Kom­mu­ni­ka­ti­on mit­tels tra­di­tio­nel­ler Tele­kom­mu­ni­ka­ti­ons- und Inter­net­dienst­an­bie­ter beschrän­ke.

The scope of the new legal frame­work must be exten­ded. This is to take account of tech­no­lo­gi­cal and socie­tal chan­ges and to ensu­re that indi­vi­du­als be affor­ded the same level of pro­tec­tion for all func­tio­n­al­ly equi­va­lent ser­vices, irre­spec­tive whe­ther they are pro­vi­ded, for examp­le, by tra­di­tio­nal tele­pho­ne com­pa­nies, by Voice over IP ser­vices or via mobi­le pho­ne messa­ging apps. Inde­ed, the­re is a need to go even fur­ther and pro­tect not only ‘func­tio­n­al­ly equi­va­lent’ ser­vices, but also tho­se ser­vices that offer new oppor­tu­nities for com­mu­ni­ca­ti­on. The new rules should also unam­bi­guous­ly con­ti­nue to cover machi­ne-to-machi­ne com­mu­ni­ca­ti­ons in the con­text of the Inter­net of Things, irre­spec­tive of the type of net­work or com­mu­ni­ca­ti­on ser­vice used. The new rules should also ensu­re that the con­fi­dentia­li­ty of users’ com­mu­ni­ca­ti­ons will be pro­tec­ted on all publicly acces­si­ble net­works, inclu­ding Wi-Fi ser­vices in hotels, cof­fee shops, shops, air­ports and net­works offe­red by hospi­tals to pati­ents, uni­ver­si­ties to stu­dents, and hot­spots crea­ted by public admi­ni­stra­ti­ons.

Con­sent should be genui­ne, offe­ring a free­ly given choice to users, as requi­red under the GDPR. The­re should be no more ‘coo­kie walls’. Beyond a clear set of excep­ti­ons (such as first par­ty ana­ly­tics), no com­mu­ni­ca­ti­ons should be sub­ject to tracking and moni­to­ring wit­hout free­ly given con­sent, whe­ther by coo­kies, device-fin­ger­prin­ting, or other tech­no­lo­gi­cal means. Users must also have user-friend­ly and effec­tive mecha­nisms to pro­vi­de and revo­ke their con­sent wit­hin the brow­ser (or other soft­ware or ope­ra­ting system).

Fer­ner beton­te der EDPS, dass die neu­en E‑Privacy Bestim­mun­gen die Schutz­nor­men der Daten­schutz­grund­ver­ord­nung ergän­zen und – wo not­wen­dig – spe­zi­fi­zie­ren sol­len.

Posted by Jacqueline Sievers

RA Dr. Jaqueline Sievers war von 2013-2015 bei Homburger tätig und ist zurzeit LL.M-Studentin in Edinburgh.