After numerous revisions of the initial draft of the ePrivacy Regulation, the Portuguese presidency finally submitted a draft that all EU Member States agreed on. The authors would like to take the opportunity of the beginning of the trilogue to point out a serious technical flaw in the current draft. This flaw lies in the ambiguous relationship between the ePrivacy Regulation and the GDPR. As such, this ambiguity calls into question the applicability of several decisive provisions of the GDPR; first and foremost, the data protection by design approach and co-regulation instruments such as codes of conduct and certificates.
Link to publication