December was shaping up to be a busy month for digital law. Announcements were promised regarding the futures of both VATMOSS and the ePrivacy Directive, the EU legislation containing everyone’s favourite cookie law.
The EC ran a public consultation on the latter over the summer – which, naturally, you’ll have participated in (tsk tsk) – and published a summary report here.
Yesterday the EC hinted that the proposal is now expected in January:
We are assessing the contributions received from the public consultation. #ePrivacy proposal expected in January.
— DigitalSingleMarket (@DSMeu) October 12, 2016
The consultation closed on 6 July, so why is it taking such a long time for the EC to reach their conclusions?
My hunch is that they are working through the Directive’s controversial relationship with GDPR. There is a genuinely fascinating debate (to digital law geeks, anyway) about whether GDPR in fact renders parts of the ePrivacy Directive redundant.
Some of us are working through that question’s implications post-Brexit on top of that too.
You can get a sense of the options they are looking at through the EC’s inception impact assessment document (.pdf). This non-binding summary indicates that they are looking at many new angles, including simplified rules for SMEs. The presumption of guilt and wrongdoing by anyone with a web site which was inherent in the first iteration of the directive certainly did not, as they say, win friends and influence people.
On that unavoidable subject. While the EC has been crunching the data and coming up with conclusions, the Directive’s friends and foes are well along into their usual them-against-us hysterics. Rhetoric like “tech industry gangs up on European Commission”, “there’s an obsession in Brussels with tracking and online behavioral advertising”, and “massive lobby against personal communications security has started” is already being thrown around.
It goes without saying that the makers of the web don’t give a toss about the rhetoric, the sides, or the legal nuances of the debate, nor do they fancy another round of being dragged into it (inclusive of allegations of being complicit in the multinational state surveillance apparatus) for asking basic questions about their compliance obligations.
Small wonder the EC is giving themselves a little breathing space – and a holiday break – before stepping forth unto the (data) breach.
As will we, dear readers, and so we will pick up the debate fresh in January.
On the plus side, the delayed announcement means we can spend December focusing on VATMOSS. How’s that for a lump of coal in your stocking.
About the author
Heather Burns is a digital law specialist in Glasgow, Scotland. She researches, writes, publishes, consults, and speaks extensively on internet laws and policies which affect the crafts of web design and development. She has been designing and developing web sites since 1997 and was a professional web site designer from 2007-2015. She holds a postgraduate certification in internet law and policy from the University of Strathclyde. Learn about hiring Heather to write, speak, or consult.