Dataguidance is reporting that the German presidency has produced its progress report on the last six months of discussions on the ePrivacy Regulation. Recall that this was supposed to come into force on the same day as the GDPR… And it seems that Member States still haven’t reached agreement on what purposes might justify a service provider processing communications metadata, or using the processing and storage capabilities of end-user devices (including storing and reading cookies).
There is a hint, at least, that the range of options may have narrowed slightly – with “broad support” for the idea that it should be less than simply adopting the Legitimate Interests basis provided for processing under the GDPR. But also a general feeling that the current detailed list of permitted options was “too restrictive towards innovation”. So far, so good…
But then there’s a suggestion from “a number of Member States” that discussions under the Portugese presidency in the first half of 2021 should start, not from the current German proposal, but from the one handed over by the Finns at the end of 2019. So I’m not sure whether we are going forwards or backwards…
