No tracking without consent! No tracking walls!
In recital 20 of the current working draft, the Council of the European Union has replaced an "and" with an "or" and by this seemingly small chang, reversed important safeguards. Instead of consent and transparent information, highly invasive tracking will be possible with consent or transparent information. This implies that users may be coerced to decide if they want to subject themselves to commercial surveillance or not to access the service. Under these circumstances, the ePrivacy Regulation would end up lowering standards agreed under the GDPR. This change must be reversed – in the recital and in corresponding articles as well.
The EU Parliament had provided for a ban on tracking walls in Art. 8 paragraph 2 a. The Council of the European Union did not add a similar paragraph. Tracking walls only allow access to a page if the user gives their consent to a large number of his data being processed. Under these circumstances, consent will be forced and meaningless. Therefore, we request the prohibition of tracking walls.
Privacy by Default!
Article 10 should provide that all internet users' right to privacy are protected by design and by default. The European Parliament proposal is in line with the GDPR and supported by data protection authorites. Instead the Council of the EU is proposing to delete Article 10 in its entirety, giving in to pressure from the advertising industry. If Article 10 is deleted those who will be affected first and foremost are vulnerable groups of citizens: elderly people, children and people without much awareness on how their information is being hoovered. We may not even have browsers with settings that allow us to effectively shut out third parties. We demand a strong Article 10 that provides privacy by design and by default.
No private data retention!
The current Directive allows the processing of metadata only for strictly limited purposes. The EU Council now wants to weaken these provisions. Instead of improving the protection of our communications data, the Council wants to give telecommunications providers more opportunities to surveil us. When and where we communicate with whom is nobody's business! Although telecommunications providers will only be allowed to store this data pseudonymously, this does not effectively protect users. Pseudonyms can be traced back and associated with a person. The pseudonymous data collection may still be used to trace individuals and lay bare the most intimate details of their life. We demand the deletion Article 6 (2a)! The changes in Article 6 (2) have to be withdrawn.
Protect our data when it is stored!
The EU-Council text clarifies that the protection only applies in transit. The European Parliament's draft envisaged our data to be protected also when it is stored. And this is very important. Lots of services like messengers and data exchange platforms are based on central servers. Thus, it must be clearly defined what the company that owns this server is allowed to do with our messages. We do not want companies scanning our messages after we have received them. Stored data must be protected as well as data in transit.
These demands are supported by the following organisations:
Netzwerk Datenschutzexpertise (Germany)
[Update, 29th January 2019] The following organisations have signed the above demands after the 25th January:
Arbeitskreis Vorratsdatenspeicherung (Germany)
Datenschutzraum e.V. (Germany)
Initiative für Netzfreiheit (Austria)
Privacy International (International)
Digitale Gesellschaft (Germany)