Following the issue of the General Data Protection Regulation (“GDPR”), the European Commission has now issued a proposal for a Regulation concerning the respect for private life and the protection of personal data in electronic communications (“Privacy Regulation”), which is intended to repeal and replace the current e-Privacy Directive. 

The following are some of the salient points from the proposed regulation:

1.The Privacy Regulation will apply to any entity worldwide providing publicly-available "electronic communications services" to, or which gathers data from the devices of, users in the EU.

2.It will introduce new rules for processing the content of communications and processing communications metadata.

3.The Regulation introduces a new definition to the term “Electronic Communication Services”, thus extending the scope of the e-privacy rules to cover OTT Services. 

4.The Privacy Regulation will retain the exemption from the cookie consent requirement for analytics. However, the exemption only applies for first party analytics. This therefore means that third party analytics would still require consent. 

5.The Regulation will also apply to software providers permitting electronic communications.

Both the Privacy Regulation and the GDPR are expected to become fully effective in all EU Member States by May 2018 and are expected to have a big impact as far as data processing is concerned. This will impact every business that holds or uses European personal data both inside and outside of Europe, raising both operational and compliance parameters and costs, as well as augmenting the risks associated with any potential breaches.