<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif">Here is another piece of commentary on the committee vote on the proposed ePrivacy Regulation, from a somewhat different perspective: <a href="https://www.lexology.com/library/detail.aspx?g=acc01469-64a8-452e-ad57-f9953852a3a8">https://www.lexology.com/library/detail.aspx?g=acc01469-64a8-452e-ad57-f9953852a3a8</a></div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">For context, the statement notes: </div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div class="gmail_default"><font face="verdana, sans-serif"><span style="color:rgb(51,51,51)">The vote was 31 votes in favor, 24 votes against and 1 abstention. The outcome of the plenary of the European Parliament (in a vote which is expected on October 26, 2017) is not clear and the negotiations with the Member States in the Council have yet to begin.</span></font></div></blockquote><div class="gmail_default"><span style="color:rgb(51,51,51)"><font face="verdana, sans-serif"><br></font></span></div><div class="gmail_default"><font face="verdana, sans-serif"><span style="color:rgb(51,51,51)">This statement also reports on an independent study of the proposed ePrivacy Regulation by </span><span style="color:rgb(51,51,51)">Professor Niko Haerting of Haerting Rechtsanwaelte, Berlin,</span><span style="color:rgb(51,51,51)"> and includes the study's key findings:</span></font></div><div class="gmail_default"><font face="verdana, sans-serif"><span style="color:rgb(51,51,51)"><br></span></font></div><div class="gmail_default"><font face="verdana, sans-serif"><span style="color:rgb(51,51,51)"><div class="gmail_default"><ul><li>With the prohibition on “processing” communications data, the Regulation would be a serious obstacle to digital innovations in Europe and to the development of new beneficial services based on data use and machine learning. The prohibition on “processing” would constitute a substantial setback to the European digital economy.<br></li><li>Excessive consent requirements would lead to red tape and tick boxes, which are likely to irritate consumers. This will negatively impact their online experience.<br></li><li>Art. 5 of the Regulation introduces a new prohibition on the “processing” of communications data. However, it is exactly the “processing” of communications data that that the customer pays for (as opposed to “interception” or “surveillance”). The prohibition should be limited to interception and surveillance of messages.<br></li><li>With respect to metadata, it is unclear why IP addresses and other “online identifiers” clearly covered by the GDPR need to be regulated in the Regulation as well.<br></li><li>Art. 6 of the Regulation does not work for machine-to-machine communication, wearables, connected cars and the Internet of Things (“IoT”). In machine-to-machine-communication, raw data are transmitted that qualify neither as “content” nor metadata.<br></li><li>When customers use digital communications services (e.g., email, messenger), they will expect their messages to be stored by the provider. Moreover, they will expect to be in control when it comes to the erasure of messages. Therefore, the provider’s duty to erase content is against the user’s interests and contrary to the user’s expectations.<br></li><li>Given that “online identifiers” cookies are covered by the GDPR, it is unclear why additional provisions are needed in the Regulation.<br></li><li>Web analytics tools are, on the one hand, recognized as “legitimate and useful”. On the other hand, hardly any analytics tool will be covered by the exception from the consent requirement, because the exception is applicable only when a website operator is using his or her own analytics tool. This is contradictory.<br></li><li>Fingerprinting falls under the “cookie provision” of Art. 8 of the Regulation and requires consent. For the time being, it does not appear to be realistic to expect that there will soon be browser settings on the market that meet the requirements of consent for fingerprinting. There are presently no standards for such settings on the market, and the standards that can be found in the Regulation focus exclusively on cookies and neglect fingerprinting and other non-cookie tracking technologies.<br></li><li>WI-FI and Bluetooth tracking are prohibited by Art. 8 (2) of the Regulation and no consent exception is provided. This is not in line with the intention of making consent the “central legal ground” of the Regulation.<br></li><li>The obligation to display “prominent notices” limits the lawfulness of WI-FI and Bluetooth tracking to tools that monitor a building or a pre-defined area.<br></li><li>The over reliance on consent is based on false assumptions when it comes to legal persons. The Regulation aims at protecting privacy and extending such protection to legal persons. However, it is unclear whose consent is relevant.<br></li><li>Art. 10 of the Regulation obliges app providers to enable users to prevent the storing of “information.” However, it is such storage that often will be a fundamental function of the app. There is no reason why the provider of a messenger app should be obliged to enable his or her customers to prevent the storing of messages, pictures and voice files on their smartphones given that the receipt and (temporary) storage of content is the main purpose of the app.<br></li></ul></div></span></font></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 20, 2017 at 8:30 AM, Ayden Férdeline <span dir="ltr"><<a href="mailto:icann@ferdeline.com" target="_blank">icann@ferdeline.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>Greetings, all-<br></div><div><br></div><div>I found <a href="https://www.accessnow.org/vote-eprivacy-eu-civil-liberties-committee-makes-improvements-users-rights/" title="this statement" rel="nofollow" target="_blank">this statement</a> interesting, and thought others might too given recent comments on our list regarding the ePrivacy Directive. I have pasted the relevant text below (emphasis added). <br></div><div><br></div><div>Best wishes, Ayden<br></div><div>--<br></div><div><br></div><div><b>In vote on ePrivacy, EU civil liberties committee makes improvements for users’ rights </b><b><br></b></div><div>19 OCTOBER 2017 | 5:28 AM<br></div><div><br></div><div>Brussels, BE—Today, the Civil Liberties, Justice and Home Affairs Committee (LIBE) of the European Parliament <b>adopted its report on the ePrivacy Regulation which aims at strengthening users’ right to privacy and the confidentiality of communications. The committee has included new measures on privacy by default, safeguards the use of secure encryption technology, and improves corporate accountability</b> by requiring companies to publish yearly transparency reports. The committee however lacked ambition in developing protections against tracking.<br></div><div><br></div><div>“This vote is an important step as we move toward adoption of a strong ePrivacy Regulation, with the capacity to secure human rights for millions of people,” said Estelle Massé, Senior Policy Analyst at Access Now.“While the report is not perfect, Access Now congratulates the LIBE committee for its <b>valuable and necessary work to protect the fundamental right to privacy in the digital age</b>.”<br></div><br>______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br></div>