Access to data / consent / content data / Data protection / Data retention / metadata / Privacy

4 thoughts on “The proposed ePrivacy Regulation: When the EC converses with the CJEU…

  1. So, recital 15 seems to suggest that third-party advertising is “interception” – but not on the grounds that anything is really intercepted, instead on the grounds that it is non-consensual. That makes me uncomfortable. To my mind, given that tracking in that context takes place only with the express agreement and involvement of the first party website, it would be better framed as non-consensual data sharing by the first party. No message was intercepted during transit, instead, a new message was created by the first party website and sent to the third party, containing information about the previous interaction.

    In many ways – and I can’t believe I agree with the IAB – that seems to be covered by the standard justification and fairness requirements of the DPD/GDPR. To my mind, cross-website tracking in order to target advertisements is (99.99% of the time) a purpose that’s different to what was intended when the user visited the first party website, and so another legitimate interest or consent-basis should be sought a) by the first party website to initiate a transfer of data to the third party, and b) by the third party to perform any processing on the received data.

  2. Pingback: Law and Media Round Up – 16 January 2017 | Inforrm's Blog

  3. Pingback: Data Protection Concerns raised by Proposed EU Directive on Contracts for Supply of Digital Content | Peep Beep!

Leave a Reply