EU-28: Introduced ePrivacy Regulation containing data governance measures

The European Commission introduced a proposal for a Regulation concerning the respect for private life and the protection of personal data in electronic communications and repealing the Directive 2002/58/EC (ePrivacy Directive). The Regulation complements the General Data Protection Regulation (GDPR) by detailing the cases in which the providers of electronic communications can process, store and erasure data, metadata (location, time, and recipient of a piece of communication) and electronic communications content. Generally, the Regulation allows any user to withdraw its consent from data processing and storage (opt-out). Websites can longer use legitimate interest as the basis for installing cookies; the only bases to use them without consent is for providing a service requested by the user, for transmitting a piece of communication in an electronic communications network or for security reasons. On the websites, the available choices about cookies may be provided using standardized icons in an "easily visible, intelligible and clearly legible manner" and users must be able to use their Web Browser software to automatically consent or retrieve the use of certain types of cookies provided by selected providers (whitelisting/blacklisting). Moreover, the Regulation provides that users shall be able to automatically reject anonymous incoming calls or calls coming from specific numbers, and marketing calls shall present a specific prefix or use a number that can be used to contact the calling organization.