Twitter Logo Youtube Circle Icon LinkedIn Icon

The Legal 500 Hall of Fame Icon The Legal 500 Hall of Fame highlights individuals who have received constant praise by their clients for continued excellence. The Hall of Fame highlights, to clients, the law firm partners who are at the pinnacle of the profession. In Europe, Middle East and Africa, the criteria for entry is to have been recognised by The Legal 500 as one of the elite leading lawyers for seven consecutive years. These partners are highlighted below and throughout the editorial.
Click here for more details

Malta > Legal Developments > Law firm and leading lawyer rankings

Editorial

LEAKED EPRIVACY DRAFT: WHAT TO EXPECT

January 2017 - Intellectual Property. Legal Developments by GVZH Advocates.

More articles by this firm.

Following the introduction of the General Data Protection Regulation, the European Commission has been working on reforming the E-Privacy Directive. The draft law was leaked on the 13th of December 2016. Although this is not the final version, we now have a clearer idea of what to expect in the coming months. The Privacy and Electronic Communications Regulation is expected to be finalized by January 2017. Since this is no longer a directive but is now a regulation, there is no need for it to be transposed. It will become effective within 6 months as opposed to the normal 2 year period, which means that companies will have a much shorter time period within which to bring themselves in line with the Regulation.

The most important changes found within the draft Regulation are the following:

  • Prior consent must be obtained for cookies and any other kind of online tracking techniques (first party analytics are exempted). Nevertheless, when cookies are necessary for technical reasons, there is no need for consent. This means that pop-ups requiring consent for cookies will no longer be necessary.
  • Privacy by design – device and software manufacturers must set default settings to block cookies by third parties.
  • New opt-in requirement for direct marketing phone calls. However, Member States may choose to allow such calls on an opt out basis instead. There must be a specific marketing prefix number making these calls easily identifiable.
  • Direct marketing by electronic communications is only allowed with respect to end users who have given their prior consent.
  • Information related to the end user’s device is now protected.
  • Publicly available directories must obtain consent from end users (if natural persons) prior to including their personal data in the directory.
  • Consent may be withdrawn but only at periodic intervals every six months
  • Fines which may be imposed in the case of a breach of the provisions of this Regulation are the following, depending on the offence in question:
    • 4% of global revenues or €20 million, whichever is higher; or
    • 2% of global revenues or €10 million, whichever is higher, for providers of devices and software who fail in their privacy by default obligations.

Although a revamped privacy regulation is welcome, it is certainly lacking in two important areas: it makes no mention of data retention or encryption. Local Data Protection Authorities will be responsible for the implementation of this Regulation. “OTT” (over the top) services such as Skype, Whatsapp, Facebook and Messenger will be expected to comply, together with traditional telecommunication services providers. The Regulation will have extra territorial effects as even third country websites will be required to conform in order to ensure that website visitors hailing from the European Union will have their rights protected.

Interview with...

Law firm partners and practice heads explain how their firms are adapting to clients' changing needs

International Law Firm Networks

International comparative guides

Giving the in-house community greater insight to the law and regulations in different jurisdictions.

Select Practice Area

GC Powerlist -
Europe

International Law Firm Networks