Open letter to European member states on the ePrivacy reform

The proposal was launched by the European Commission in January 2017, supported by the results of an EU public survey which clearly showed that individuals want privacy and security when communicating online. More than a year after the proposal was launched, a strong ePrivacy Regulation is needed more urgently than ever to complement and particularise the General Data Protection Regulation (GDPR).
Despite the clear and urgent need to strengthen the privacy and security of electronic communications, the Council’s negotiations have been inconclusive. Worse still, some Member States seem willing to prioritise the narrow business interests of, ultimately, a small number of major online companies over fundamental rights of individuals and trust to the European online economy as a whole. (1)
Not concluding or undermining the objectives of the reform creates significant risks for individuals' rights to privacy, freedom of expression and trust in the online economy. The risks have been brought into sharp focus recently. The Facebook/Cambridge Analytica scandal shows that abusive, trust-corrosive practices must be robustly tackled with clear rules. The societal implications are profound as this case is further proof that when individuals are tracked and profiled, not only is their privacy at risk, but information can be used for political and economic manipulation. By adopting a strong ePrivacy Regulation, the EU can put an end to these pervasive abuses of individuals’ electronic communications data.
In that context, we welcome the conclusions from last week’s European Council where EU leaders reiterated that EU and national legislation on privacy and personal data must be respected and enforced and undertook to ensure the adoption of the ePrivacy reform in 2018.
Civil society organisations in Europe thus call on Member States to:

• Prioritise the finalisation of their “General Approach” so that negotiations can begin with the European Parliament with the view of an adoption of a strong ePrivacy Regulation by end of 2018 that aligns with and strengthens the protections foreseen in the GDPR;
• Ensure that the Council’s position supports the effective protection of the privacy and security of communications, including by supporting a provision that ensures privacy by design and by default in both software and hardware.

• Access Now
• Antigone, Italy
• Association for Technology and Internet, ApTi, Romania
• Associação D3 - Defesa dos Direitos Digitais, Portugal
• Bits of Freedom, the Netherlands
• CILD, Italian Coalition for Civil Liberties, Italy
• Civil Liberties Union for Europe
• Digitalcourage, Germany
• Digitale Gesellschaft e.V., Germany
• Digital Rights Ireland, Ireland
• EDRi
• Electronic Foundation Norway
• epicenter.works, Austria
• Estonian Human Rights Center, Estonia
• FAImaison, France
• Federation FDN, France
• Förderverein Informationstechnik und Gesellschaft (FITUG e.V.), Germany
• Hermes Center, Italy
• Hungarian Civil Liberties Union, Hungary
• The IT Political Association of Denmark, IT Pol, Denmark
• Max Schrems, founder, Europe vs Facebook, Austria
• Open Rights Group, U.K.
• Panoptykon Foundation, Poland
• Privacy International
• quintessenz, Austria
• Vrijschrift, the Netherlands
• Xnet, Spain
• Web Foundation

(1) See National Telecommunications and Information Administration report in the United States (https://www.ntia.doc.gov/blog/2016/lack-trust-internet-privacy-and-security-may- deter-economic-and-other-online-activities) and similar figures in the ePrivacy barometer (https://ec.europa.eu/digital-single-market/en/news/eurobarometer-eprivacy) regarding the concerns on current lack of strong privacy and data protection laws.