Read on Twitter
April 13. Bulgarian Presidency updated working dc on the #ePrivacy Regulation. data.consilium.europa.eu/doc/document/S…
"recital 21 now provides an example where making access to a website conditional on the acceptance of cookies is not considered justified"
"recital 21 now provides an example where making access to a website conditional on the acceptance of cookies is not considered justified"
But much to review and .. hmmmm
"Access to specific website content may still be made conditional on the well-informed acceptance of the storage of a cookie or similar device identifier, if it is used for a legitimate purpose ,,"
"Access to specific website content may still be made conditional on the well-informed acceptance of the storage of a cookie or similar device identifier, if it is used for a legitimate purpose ,,"
“… This will for example not be the case of a cookie which is recreated after the deletion by the end-user."
Must have been some serious industry lobbying. Cookies a legitimate tool for measuring the effectiveness of advertising … 
"this Regulation should provide for the possibility to express consent by using the appropriate settings of a browser or other application.” < well, I already set DNT .. so how about enforcing that ...
Sneaky. Eroding data protection by design and default. Defaults matter greatly …. what a ‘privacy setting' is defaulted to is hugely important and can provide or erode privacy. The ePR needs an explicit data protection and privacy by design and default obligation
Subtleties of policy. Eroding consent and shifting the burden of responsibility to ‘software’ providers …..
YOUR location privacy seems to matter less to policy makers. Hmm .. more to consider
Good "direct marketing communications also may include messages sent by political parties that contact natural persons via electronic communications services in order to promote their parties.” “The same .. applies to messages sent by other non-profit organisations "
"End-users who have consented to the processing of electronic communications data as set out in point (c) of Article 6(2) and points (a) and (b) of Article 6(3) shall ..be reminded of the possibility to withdraw their consent at periodic intervals of [no longer than 12 months"
processing of communications metadata permitted for "scientific research or statistical purposes provided it is based on Union or Member State law” under specific measures + safeguarding of rights & interests of individuals .. without consent .. but with right to object ..
hmm Art 6(2)(f) . a public authority can request the processing of communications metadata for the purpose of statistical counting
implications for entities analysing content of communications for advertising - Article 6(3) (a) (aa) (b)
Art 6(3a)(a) ECS providers will need to exclude communications metadata that reveal special categories of personal data pursuant to Article 9 of the GDPR .. where technically feasible … <think of those SSID that reveal a location that may be a Mosque, or a health clinic
Article 10 in what should be data protection and privacy by design and default has essentially been butchered at the alter of industry.
Good "Member States shall ensure, in the framework of Union law and applicable national law, that the legitimate interest of end-users that are legal persons with regard to unsolicited direct marketing communications .. are sufficiently protected."
• • •
Missing some Tweet in this thread? You can try to
force a refresh
