“Go back to Baltic Avenue!” – this command doesn’t create a good mood in the Monopoly game. The same applies to the EU Member States’ telecommunications and transport ministers who gathered in Brussels on December 3, 2019 for a Council meeting when the new Internal Market Commissioner, Thierry Breton, noted the temporary failure of the governments’ almost three-year efforts to reach a consensus on the draft e-privacy regulation presented by the Commission at the beginning of 2017: „We’ll have to put a new proposal on the table because I definitely think that everybody wants to do something, but obviously you are not in agreement“. He added, however, that the Commission wanted to take up the work done so far and that the process would not have to start entirely „from scratch“.
The European Parliament already positioned on the E-Privacy proposal at an early stage with its opinion adopted in October 2017. The governments are once again proving to be slowing down a project that is extremely important for the future of the European Union, its citizens and the European economy. The failure was foreseeable, in particular because the original Commission draft was to be „enriched“ by governments with all kinds of wishes, from an opening clause for national regulations on data retention to deep packet inspection to combat child pornography. At the same time, data protection requirements have been further weakened by the governments representatives.
In Sunday speeches the governments conjure up the “digital sovereignty of Europe”. Nevertheless, the patchwork of inconsistent data protection laws for electronic services remains for the time being. The E-Privacy Directive (2002/58/EC) has been implemented very differently in the Member States. In Germany, the various federal governments have even completely refused to implement central data protection rules that are legally binding in Europe, especially with regard to the permissibility requirements for the use of „cookies“. The German data protection authorities have therefore quite rightly clarified that the corresponding provisions of the German Telemedia Act are no longer applicable and have been superseded by the General Data Protection Regulation (GDPR) since 2018. The European Court of Justice (ECJ) also recently underlined the invalidity of those provisions of the Telemedia Act, which conflict with the Directive (ECJ, Case C-673/17, judgment of 1 October 2019, “Planet49”). However, the European Commission is partly to blame for this unsustainable situation, as it has so far, contrary to better knowledge, refrained from initiating infringement proceedings against those member states which have not implemented the E-Privacy Directive at all, or have done so incompletely or incorrectly.
Since the adoption of the GDPR in May 2016 it is clear that the general provisions fixed there must be flanked and concretized area-specifically data protection regulations. This applies in particular to electronic services, which are offered normally also outside the providers’ territory. The fact that there are still considerable legal differences between the Member States, particularly with regard to digital services, has a massively detrimental effect on the European internal market. This situation is being exploited – not least by global, non-European players. On the other hand, the different national regulations make life difficult for smaller European companies, for example if a start-up wants to offer its service in more than one Member State. Unlike these small and medium-sized businesses, Microsoft, Google, Facebook, Amazon & Co have large legal departments and can afford expensive specialist lawyers who can handle the 28 different national requirements.