# Statement on the ePrivacy Regulation and the future role of Supervisory Authorities and the EDPB

- Type: Guidance
- Source: EDPB
- Identifier: statement-on-the-eprivacy-regulation-and-the-future-role-en
- Date: 2020-11-19
- Original: https://www.edpb.europa.eu/documents/reports-statements-and-letters/statement-on-the-eprivacy-regulation-and-the-future-role_en
- Canonical: https://overview.legal/posts/126113
- Topics: Cookies, Telecommunications, Direct Marketing, Data Controller, Monitoring, Supervision, Personal Data, Processing, Controllers, Consent

## Summary

1 Statement on the ePrivacy Regulation and the future role of Supervisory Authorities and the EDPB Adopted on 19 November 2020 The European Data Protection Board has adopted the following statement: Firstly, the EDPB wants to stress that this statement is without prejudice to its previous positions , including s tatement 3/2019 1 and its statement of 25 May 2018 2 . The ePrivacy Regulation must under no circumstances lower the level of protection offered by the curren t ePrivacy Directive…

## Full text

1 Statement on the ePrivacy Regulation and the future role of Supervisory Authorities and the EDPB Adopted on 19 November 2020 The European Data Protection Board has adopted the following statement: Firstly, the EDPB wants to stress that this statement is without prejudice to its previous positions , including s tatement 3/2019 1 and its statement of 25 May 2018 2 . The ePrivacy Regulation must under no circumstances lower the level of protection offered by the curren t ePrivacy Directive 2002/58/EC, but should complement the GDPR by providing additional strong guarantees for confidentiality and protection of all typ es of electronic communication. Secondly, the EDPB welcomes the aim of the Council Presidency to reach a G eneral Approach in order to begin the negotiations with the European Parliament and to adopt the eP rivacy Regulation as soon as possible . However, the EDPB is concerned about some new orientations of the discussions in the Council related to the enforcement of the future ePrivacy Regulation , which would create fragmentation of supervision, procedural complexity, as well as lack of consistency and legal certainty for individuals and companies. The EDPB rec alls that the scope of the proposed R egulation aims at ensuring its uniform application across every Member State and every type of data controller . Any proposed changes in the draft Regulation that may undermine this objective should be avoided to guarant ee an equal level playing field for every provider and to ensure the confidentiality of electronic communications, as a fundamental right protected under the Charter, also taking into account the applicable CJEU case law. In relation to ongoing discussion s related to the further processing of electronic communications meta data, the EDPB reiterates its support to the approach of the proposed Regulation, based on broad 1 European Data Protection Board, Statement 3/2019 on an ePrivacy Regulation, adopted on 13 March 2019, available at: https://edpb.europa.eu/sites/edpb/files/files/file1/201903_edpb_st atement_eprivacyregulation_en.pdf 2 European Data Protection Board, Statement of the EDPB on the revision of the ePrivacy Regulation and its impact on the protection of individuals with regard to the privacy and confidentiality of their communications, adopted on 25 May 2018, available at: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_statement_on_eprivacy_en.pdf 2 prohibitions, narrow exceptions and the use of consent , while emphasising again that elect ronic communication metadata can still be processed without consent after it has been genuinely anonymised . The EDPB also welcomes the inclusion of rules in Article 8 regarding the inclusion of reference to the information covered TV broadcasting services or the software updates, which should be designed in a privacy - friendly way. The EDPB also regrets the lost opportunity to give a clear guidance on the so - called “cookie walls”. T h irdly , the EDPB would like to underline that many provisions of the future ePrivacy Regulation concern processing of personal data. For these processing activities, Article 8(3) of the Charter of Fundamental Rights of the European Union requires oversight by an independent authority . In order to ensure a high level of protection of personal data and to guarantee legal and procedural certainty, this oversight should be entrusted to the same national authorities, which are responsible for enforcement of the GDPR as initially proposed by the European Commission 3 . In its proposal, the European Commission stressed that the cooperation and consistency mechanism foreseen under the GDPR w ould apply. Moreover, it laid down that all supervisory authorities monitoring the ePrivacy Regulation have to be independent. Furthermore, in order to gu arantee a level playing field on the digital single market, it is essential to ensure a harmonised interpretation and enforcement of the personal data processing elements of the ePrivacy Regulation across the EU. Chapter VII of the GDPR already provides fo r a well - functioning cooperation and consistency mechanism within the framework of the EDPB: this mechanism should also be used for the supervision of the ePrivacy Regulation in its’ personal data protection implications. It would also benefit data controllers to have a single contact point for all personal data processing operations falling within the scope of ePrivacy Regulation: data controllers would not need to deal with multiple regulatory authorities, which otherwise could lead to diverging standards and interpretations. This does not preclude other authorities concerned from being responsible for parts, which are not related to processing of personal data, while also cooperating with data protection authorities where necessary. The EDPB would also like to recall that there is a clear interconnection of competencies between national authorities competent under the current ePrivacy Directive and data protection authorities 4 . Provisions related to the processing of personal data of the current ePrivacy Directive and the future ePrivacy Regulation sh ould not be applied in isolation, when they are intertwined with personal data processing and the provisions of the GDPR. Consist ent interpretation and enforcement of both set s of rules , when covering personal data protection, would therefore be fulfilled in the most efficient way if the enforcement of th ose parts of the ePrivacy 3 European Commission, Proposal for a regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), Brussels, 10 January 2017, available at: https://eur - lex.europa.eu/legal - content/EN/TXT/?uri=CELEX%3A52017PC0010 4 European Data Protection Board, Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks and powers of data protection authorities, adopted on 12 March 2019 , available at: https://edpb.europa.eu/our - work - tools/our - docum ents/noukogu - arvamus - artikkel - 64/opinion - 52019 - interplay - between - eprivacy_en 3 Regulation and the GDPR would be entrusted to the sam e authority . In summary , the future ePrivacy Regulation should be formulated to improve this procedural situation instead of add ing complexity . Moreover , the Council risk s creating further procedural uncertainty in case national competent authorities who are not member s of the EDPB would have to interact with the EDPB . The future ePrivacy Regulation should lay out a clear framework for the cooperation between data protection authorities as supervisory authorities competent under GDPR and authorities having the appropriate expertise , so th eir cooperation could function effectively. Considering the above, the EDPB invites the Member States to support a more effective and consistent ePrivacy Regulation as initially prop osed by the European Commission and as amended by the European Parliament. For the European Data Protection Board The Chair (Andrea Jelinek)

---
Generated by overview.legal · https://overview.legal/posts/126113 · 2026-07-17
