ePrivacy Regulation: a risk for European innovation

The European Parliament and EU Council are currently actively working on a new ePrivacy Regulation intended to replace the outdated 2002 ePrivacy Directive. The new framework, better known as the “cookie law,” sets new standards for securing online communications and tracking confidentiality.

The idea behind this rules’ overhaul is, in principle, to make privacy fit for the changing digital landscape and align them to the General Data Protection Regulation (“GDPR”). But technology is evolving fast and the ePrivacy rules don’t seem fit to keep the pace and risk to create more damage than benefits.

For starters, by limiting communication and content data collection, the ePrivacy Regulation affects enormously small businesses and software developers.

Those rules risk to completely destroy the ad-based business model that is key for software developers and their businesses to scale-up. 38% of worldwide developers base their business model on advertising, while only 21% are still profiting from downloads and 19% are looking for subscription revenue. On top of this, the trend of adopting a mixed business model is growing: in many cases, paid app business models are integrated with alternative ad-based models.

Additionally the Regulation doesn’t leave developers and publishers with enough maneuvering room to develop interactive communications features. They rely on an open and flexible framework that enables them to create innovative solutions. Potential impacts include basic features, such as spam-filtering and fraud detection software, to emerging tech like Machine-to-Machine, Internet of Things, and applied Artificial Intelligence. This approach has been described as “protection against communication” as “the processing of electronic communications data is what telecommunication is all about.” In fact, the processing and aggregation of communication data enables the development of innovative products, such as those listed above, that are highly appreciated by consumers and are absolutely essential to modern life

What is also critical for consumers is a meaningful online experience. However, as it reads today, the ePrivacy Regulation would not allow software developers to provide their customers with the best tailored products. The proposed “solution” to the cookie impasse, along with the limits imposed to advertising and data analytics, only generates unfounded fears and doubts and reduces trust in digital businesses and their services.

Finally, the ePrivacy Regulation re-opens the discussion around consent, tracking, profiling, transparency, and security standards that are already addressed by other rules. The GDPR and the Directive on Security of Network and Information Systems (NIS), combined with a revised Electronic Communications Code, already guarantee a more than sufficient level of privacy and data protection. Imposing an additional level of regulation is unnecessary and goes against the Commission’s Better Regulation agenda.

Whilst we support any effort to streamline existing privacy rules and make them fit the digital age, we believe that the ePrivacy Regulation will not deliver on either of those objectives. If passed, it will jeopardise the success of our digital startups and continued innovation.

To learn more about the Alliance position on the ePrivacy Regulation, see our position paper here.


Director, European Policy & Government Relations