In a recent article entitled “E-Privacy, Telcos and Online Providers: Issues of Consent,” originally published in InterMEDIA, Cathal Flynn and Matthew Byford (members of Squire Sanders’ Data Protection & Privacy practice), survey the current complex EU data protection and e-privacy rules (and proposed changes to such rules) relating to the form of consent that is required when processing subscriber traffic and location data for purposes of marketing and providing value-added services.
One of their main concerns is the current divergence in the regulatory treatment of telcos under the E-Privacy Directive, as compared with the treatment of online and over-the-top providers under the General Directive. The former tends to be more restrictive, specifically requiring “prior” consent, but without specifying whether prior consent must be explicit or implied. Under the General Directive, on the other hand, consent is just one of the potential bases for the processing of personal data. To make matters even more complex, the practical implementation of these rules is being dealt with differently at the national level within individual EU countries.
The authors question whether current efforts to reform the law and establish a coherent, workable EU-wide standard for consent, which does not favor online providers over telcos, is on the horizon. They note that:
a converged and user-friendly approach to data protection regulation would make life much easier for the supposed beneficiaries of regulation – consumers…
Ivan Rothman, or any of the authors of the article listed above, can be contacted for more information.