ePrivacy Regulation, Article 6a, Permitted processing of electronic communications content.
1. Without prejudice to Article (6) 1, providers of the electronic communications networks and services shall be permitted to process electronic communications content only:
(a) for the purpose of the provision of a service requested by an end-user for purely individual use if the requesting end-user has given consent and where such requested processing does not adversely affect fundamental rights and interests of another person concerned; or
(b) if all end-users concerned have given their consent to the processing of their electronic communications content for one or more specified purposes.
2. Prior to the processing in accordance with point (b) of paragraph 1 the provider shall carry out a data protection impact assessment of the impact of the envisaged processing operations on the protection of electronic communications data and consult the supervisory authority if necessary pursuant to Article 36 (1) of Regulation (EU) 2016/679. Article 36 (2) and (3) of Regulation (EU) 2016/679 shall apply to the consultation of the supervisory authority.
Note: This is not the final text of the ePrivacy Regulation. This is the text of the ePrivacy Regulation Proposal of the Council of the European Union from 10.2.2021.