The European ePrivacy Regulation (Council Proposal 10.02.2021)

ePrivacy Regulation, Preamble 31 to 43.

(31) Providers of number-based interpersonal communications services should inform the end-users who are natural persons of the search functions of the directory and obtain their consent before enabling such search functions related to their personal data. The categories of personal data included in the directory and the categories of personal data on the basis of which the end-user's contact details can be searched should not necessarily be the same.

(32) In this Regulation, direct marketing communications refers to any form of advertising sent by a natural or legal person directly to one or more specific endusers using publicly available electronic communications services.

The provisions on direct marketing communications do should not apply to other form of marketing or advertising that is not sent directly to any specific end-user for reception by that end-user at addresses, number or other contact details, e.g. the display of advertising on a visited website or within an information society service requested by that end-user.

In addition to direct communications advertising for the offering of products and services for commercial purposes, Member States may decide that direct marketing communications may include direct marketing communications sent by political parties that contact natural persons via publicly available electronic communications services in order to promote their parties. The same applies to messages sent by other non-profit organisations to support the purposes of the organisation.

(33) Safeguards should be provided to protect end-users against direct marketing communications, which intrude into the privacy of end-users. The degree of privacy intrusion and nuisance is considered relatively similar independently of the wide range of technologies and channels used to conduct these electronic communications, whether using automated calling and communication systems, instant messaging applications, emails, SMS, MMS, Bluetooth, etc.

It is therefore justified to require that consent of the end-users who are natural persons is obtained before direct marketing communications are sent to them in order to effectively protect them against the intrusion into their private life.

Legal certainty and the need to ensure that the rules protecting against direct marketing communications remain future-proof justify the need to define in principle a single set of rules that do not vary according to the technology used to convey these direct marketing communications, while at the same time guaranteeing an equivalent level of protection for all citizens throughout the Union.

However, it is reasonable to allow the use of contact details for electronic message within the context of an existing customer relationship for the offering of similar products or services. Such possibility should only apply to the same company that has obtained the contact details for electronic message in accordance with Regulation (EU) 2016/679.

(33a) Voice-to-voice direct marketing calls that do not involve the use of automated calling and communication systems are more costly for the sender and impose no financial costs on end-users. Member States should therefore be able to establish and or maintain national systems which allow all or certain types of voice-to-voice calls to end-users who are natural persons and who have not objected, including in the context of an existing customer relationship.

(34) When end-users who are natural persons have provided their consent to receiving direct marketing communications, they should still be able to withdraw their consent at any time in an easy manner and without any cost to them. To facilitate effective enforcement of Union rules on direct marketing communications, it is necessary to prohibit the masking of the identity and the use of false identities, false return addresses or numbers while sending direct marketing communications.

Direct marketing communications should therefore be clearly recognizable as such and should indicate the identity of the legal or the natural person sending or the communication and, where applicable, on whose behalf the communication is sent and provide the necessary information for end-users who are natural persons to exercise their right to withdraw their consent to receiving further direct marketing communications, such as valid contact details (e.g. link, e-mail address) which can be easily used by end-users who are natural persons to withdraw their consent free of charge.

(35) Legal or natural persons conducting direct marketing communications through voiceto-voice calls and through calls by automating calling and communication systems should present their identity line on which the company can be called. Member States are encouraged to introduce by means of national law a specific code or prefix identifying the fact that the call is a direct marketing call to improve the tools provided for the end-users in order to protect their privacy in more efficient manner. Using a specific code or prefix should not relieve the legal or natural persons sending direct marketing call from the obligation to present their calling line identification.

(36) deleted.

(37) deleted.

(38) Member States should be able to have more than one supervisory authority, to reflect their constitutional, organisational and administrative structure. The designation of supervisory authorities responsible for the monitoring of the application of this Regulation cannot affect the right of natural persons to have compliance with rules regarding the protection of personal data subject to control by an independent authority in accordance with Article 8(3) of the Charter as interpreted by the Court.

End-users who are legal persons should have the same rights as end-users who are natural persons regarding any supervisory authority entrusted to monitor any provisions of this Regulation. Each supervisory authority should be provided with the additional financial and human resources, premises and infrastructure necessary for the effective performance of the additional tasks designated under this Regulation.

(39) Each supervisory authority should be competent on the territory of its own Member State to exercise the powers and to perform the tasks set forth in this Regulation. Member States and their supervisory authorities are encouraged to take account of the specific needs of micro, small and medium-sized enterprises in the application of this Regulation.

(40) In order to strengthen the enforcement of the rules of this Regulation, each supervisory authority should have the power to impose penalties including administrative fines for any infringement of this Regulation, in addition to, or instead of any other appropriate measures pursuant to this Regulation.

This Regulation should indicate infringements and the upper limit and criteria for setting the related administrative fines, which should be determined by the competent supervisory authority in each individual case, taking into account all relevant circumstances of the specific situation, with due regard in particular to the nature, gravity and duration of the infringement and of its consequences and the measures taken to ensure compliance with the obligations under this Regulation and to prevent or mitigate the consequences of the infringement. For the purpose of setting a fine under this Regulation, an undertaking should be understood to be an undertaking in accordance with Articles 101 and 102 of the Treaty.

(41) In order to fulfil the objectives of this Regulation, namely to protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data and to ensure the free movement of personal data within the Union, the power to adopt acts in accordance with Article 290 of the Treaty should be delegated to the Commission to supplement this Regulation.

In particular, delegated acts should be adopted in respect of the information to be presented, including by means of standardised icons in order to give an easily visible and intelligible overview of the collection of information emitted by terminal equipment, its purpose, the person responsible for it and of any measure the end-user of the terminal equipment can take to minimise the collection. It is of particular importance that the Commission carries out appropriate consultations and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement on Better LawMaking of 13 April 2016.

In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States' experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts. Furthermore, in order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission when provided for by this Regulation. Those powers should be exercised in accordance with Regulation (EU) No 182/2011.

(42) Since the objective of this Regulation, namely to ensure an equivalent level of protection of natural and legal persons and the free flow of electronic communications data throughout the Union, cannot be sufficiently achieved by the Member States and can rather, by reason of the scale or effects of the action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve that objective.

(43) Directive 2002/58/EC should be repealed.


Note: This is not the final text of the ePrivacy Regulation. This is the text of the ePrivacy Regulation Proposal of the Council of the European Union from 10.2.2021.