Following a leak in early December, the European Commission has officially published the finalised proposed new legislation which aims to strengthen privacy in electronic communications. The Regulation on Privacy and Electronic Communications (“Proposal”) aims to repeal the ePrivacy Directive. These rules will be updating existing laws and bringing them in line with the new General Data Protection Regulation (“GDPR”), forming part of the Digital Single Market Strategy.

The Commission also put forward another proposal for a new set of rules which will ensure that personal data processed by EU institutions and bodies is regulated in the same way as under the GDPR in Member States.

The Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, said: “The European data protection legislation adopted last year sets high standards for the benefit of both EU citizens and companies. Today we are also setting out our strategy to facilitate international data exchanges in the global digital economy and promote high data protection standards worldwide.”

The salient features of the Proposal are the following:

The European Consumer Organization (BEUC), pointed out two key elements that are found within the GDPR, but are lacking in the Proposal: privacy by design rules and a possibility for consumers to institute a group action. Although privacy by design was included in the leaked draft, it is now no longer part of the proposed legislation. It remains to be seen whether the Proposal will be amended to include a right for group action, as in the GDPR.

The Commission aims to have these rules adopted on the 25th May 2018, the very day on which the GDPR will be coming into force.