As mentioned in the introduction to our blog series on ePrivacy Regulation in the EU, the EU Council has reached a compromise agreement on its position on the new ePrivacy Regulation.
The strengthening of the protection of privacy in the context of electronic communications, which is central in the draft ePrivacy Regulation, has also been identified as a priority by the Belgian data protection authority (DPA) in its strategic plan 2020-2025 ('the Plan').
ePrivacy as a key priority of the Belgian DPA
The Belgian DPA identifies a couple of priority sectors it will focus on, including telecommunication and media, on the grounds that 'companies operating in the telecommunications sector have access to a massive amount of personal data allowing them to geolocate participants in a telephone conversation or written data exchange. In addition, they can access the content of these exchanges, which sometimes reveals highly personal information. These operators also hold all the identification data of the users of their services, their prior identification being in some cases required by law. Moreover, this is a very competitive sector, which implies that its players could be encouraged to use personal data to gain a competitive advantage (via targeted advertising for example).'
Another area of focus will be direct marketing, 'firstly because it could be tempted to draw inspiration from the practices of foreign companies that do not seem to be acting in compliance with the GDPR, but also because it uses technologies that are evolving at a phenomenal pace (we are thinking in particular of certain predictive algorithms) and finally because some players in this sector have, for many years, had difficulty interpreting certain concepts, some of which have been clarified by the GDPR, while others require guidance as to how to interpret them.'
Increasing enforcement likely to come
While these areas will be covered by the ePrivacy Regulation, enforcement in these areas on the basis of the GDPR is also likely to increase in the coming months and years, regardless of when the ePrivacy Regulation enters into force. Also, while the Belgian DPA will likely not be the (main) supervisory authority to enforce the ePrivacy Regulation in Belgium when it enters into force, co-ordinated enforcement actions grounded on a combination of the GDPR and the ePrivacy Regulation cannot be excluded.
Organisations should closely monitor the scope of the ePrivacy Regulation and its interplay with the GDPR to prepare for its implementation.
Other post in this series include:
- EU's ePrivacy reforms inch forward (introduction)
- EU’s ePrivacy reforms: a UK perspective
- EU’s ePrivacy reforms: a French perspective
- EU’s ePrivacy reforms: a Belgian perspective
- EU’s ePrivacy reforms: a Russian perspective
- EU’s ePrivacy reforms: a Spanish perspective
- EU’s ePrivacy reforms: an Austrian perspective
- EU’s ePrivacy reforms: a Dutch perspective