The European Commission has retracted a long-stalled initiative aimed at enhancing EU regulations regarding online tracking technologies, which sought to align penalties with those outlined in the GDPR (General Data Protection Regulation), allowing for fines of up to 4% of an organization’s annual revenue for violations. The decision comes after co-legislators were unable to reach a consensus on the proposal.
The attempt to revise the ePrivacy Directive, aiming to transform it into a comprehensive Pan-EU regulation, dates back to 2017. However, on Wednesday, the initiative was officially declared inactive as it was added to a list of legislative proposals being withdrawn in the Commission’s 2025 work program, citing “No foreseeable agreement” as the reason for withdrawal.
The EU further noted: “The proposal is no longer relevant considering recent developments in both technology and legislation.”
The withdrawal of the “proposal for a regulation on the respect for private life and the protection of personal data in electronic communications,” as officially titled, is unsurprising given the lengthy hiatus of the effort. This file has been subject to significant lobbying from major tech firms and telecommunications companies affected by its scope.
In 2021, documents revealed through a U.S. antitrust lawsuit indicated that Google attempted to rally other tech giants to hinder the proposal, leading to its current derailment. A Politico article from 2020 also identified Amazon’s involvement in efforts to dilute support among EU legislators for the proposal.
The prevalence of behavioral advertising models—dependent on tracking and profiling internet users to capture their attention—heightened the stakes for any revision of EU ePrivacy regulations, particularly the need for firms to secure explicit consent from consumers for monitoring their online activities.
This proposal could have potentially strengthened the legal standing of do-not-track settings, should parliamentary initiatives in this direction have succeeded. Such a regulation could have transformed the ePrivacy framework, making online privacy more accessible to European consumers, contrasting with today’s fragmented web experience where businesses reliant on tracking make it increasingly challenging for users to safeguard their personal information online.
While the Commission’s initiative to replace the ePrivacy Directive with an updated regulation has been withdrawn, existing ePrivacy regulations within the EU continue to be enforced. It is noteworthy that several tech companies have faced penalties related to this framework in recent years.
For instance, both Google and Amazon have been fined for violating cookie consent regulations, with France’s data protection authority, the CNIL, penalizing Google approximately $120 million in December 2020 and again around $170 million in January 2022 for failing to secure proper consent for using tracking cookies. Amazon faced a cookie consent penalty of around $42 million from the CNIL in late 2020, alongside fines issued to Facebook (Meta) and TikTok.
On the subject of the ePrivacy Regulation’s collapse, Dr. Lukasz Olejnik, an independent researcher and consultant who has monitored the policy landscape for many years, remarked to TechCrunch: “Ending this trainwreck is a prudent decision. The outcome was foreseeable; this has been a slow-motion funeral.”
In addition to facing massive industry pressure, Olejnik argues that the floundering of the proposal was exacerbated by poor timing. Following the EU’s approval of its flagship data protection legislation, the GDPR, there has been a surge in alarm regarding expanding privacy regulations.
“The undue panic surrounding GDPR undermined this proposal, and the current hostile environment toward regulation makes it an unfavorable time to amend any data protection measures, which could inadvertently weaken the GDPR,” he stated.
An anonymous source from within the Commission shared a similar perspective, suggesting that “[Commissioners Viviane] Reding and [Neelie] Kroes should have tackled ePrivacy and GDPR simultaneously… The opportunity was lost when sentiments were running high at the end of the GDPR negotiations,” they explained.
Additionally, our source criticized the original proposal as poorly planned, labeling it “a remnant from an era dominated by telecommunications operators.” They continued, noting, “Telecom companies and major surveillance tech operate under fundamentally different paradigms. If GDPR struggles to rein in these billionaires, how can ePrivacy succeed? The challenges stem from business models, market power, and enforcement issues, particularly concerning end-to-end encryption.”
So, what lies ahead for the regulation of online tracking within the EU? Expect increased uncertainty and broader latitude for technologists to innovate their methods, claiming they operate beyond the archaic ePrivacy framework.
“As new technologies are created and adopted, they may evade scrutiny,” Olejnik suggests. “The GDPR isn’t all-encompassing, and the need to reinterpret the outdated ePrivacy Directive has its limitations. Anticipate interpretations and guidance from the ECJ [European Court of Justice] to evolve the legal landscape… and perhaps eventually, a renewed approach will be proposed.”
Tech Priorities in the EU’s 2025 Work Program
Meanwhile, the Commission is poised to engage in a host of other technology-centric legislative initiatives this year following a leadership overhaul, shifting its focus toward enhancing competitiveness and explicitly aiming to stimulate economic growth by bolstering tech innovations such as AI, which appears destined to tightly align with private sector needs.
The 2025 work program outlines a proposed Innovation Act, expected to launch “later in the mandate,” aimed at aiding startups, scale-ups, and “innovative companies” to invest within the single market. This initiative intends to simplify applicable regulations and work towards creating a “28th legal regime” [i.e., one unified system for all EU Member States].
The Commission aims to use this reform “to simplify regulatory frameworks and minimize failure costs, incorporating aspects of corporate law, insolvency, labor, and tax legislation.”
Another key objective is to promote biotechnology — with the EU expressing a desire to “leverage European life sciences to propel innovation in biotechnology, consolidate resources, dismantle regulatory barriers, unleash the full potential of data and artificial intelligence, and enhance its implementation.
Support for robust digital infrastructure is also part of the agenda, with a Digital Networks Act planned to “encourage cross-border network operation and service provision, boost industry competitiveness, and improve spectrum coordination.
Additionally, a Cloud and AI Development Act is on the horizon, designed to facilitate data access to accelerate homegrown AI initiatives.
An AI Continent Action Plan is also set to address efforts to gather resources and skills under the EU’s existing AI Factories initiative, aiming to ignite “competitive AI ecosystems in Europe”, alongside an Apply AI strategy to promote AI adoption across various industries and organizations.
The work program additionally outlines an EU Quantum Strategy, expected to be followed by a Quantum Act — targeting what the EU identifies as a “critical” and strategic sector. “The strategy will contribute to building our own capabilities to research and develop quantum technologies, as well as produce devices and systems derived from them,” it indicates.
A Space Act is also anticipated, along with initiatives aimed at enhancing the protection of undersea communication infrastructure, especially in light of the rising threats of accidents or sabotage which are increasingly jeopardizing the region’s underwater cables.
Regarding consumer protection, the EU’s 2025 work plan is less robust.
The Commission indicated that its forthcoming Consumer Agenda 2025-2030 will “encompass a new action plan for consumers in the single market aimed at ensuring a balanced framework protecting consumers while avoiding excessive burdens on companies,” but the choice of words implies a shift towards prioritizing business interests in the pursuit of economic growth, with consumer protections needing to be “balanced” against this primary goal.
On the pressing issue of online disinformation and misinformation, the EU’s work plan reiterates a forthcoming “Democracy Shield”. This initiative will “aim to confront the evolving challenges to our democracy and electoral system,” including increased collaboration with civil society organizations.
Compiled by Techarena.au.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
