At the end of 2009 the EU Parliament approved the revision of the ePrivacy Directive 2002/58/EC. The aim was to create more transparency and security for consumers. The process of transposing the new directive into national law in the member states is due to begin in 2011, and this will also have an impact on Switzerland.
The ePrivacy Directive came into being as a response to the requirements of the new digital technologies. The directive complements the EU Data Protection Directive and covers all issues affecting privacy in the area of electronic communications. The directive is concerned with the protection not only of personal data, but also of privacy in electronic communication networks.
The new directive 2009/136/EC requires service providers to actively inform users about data breaches or specific risks, such as viruses or malware attacks.
A further innovation introduced by the directive concerns cookies and spyware. In future these may not be installed on computers without Internet users' consent. Cookies can store log-in details, passwords and preferences, which is of course quite practical for the user. However, cookies can also be used to track movements around the web. Advertisers can distribute cookies over different websites and use them to store user profiles. The process is also known as "online tracking".
The old directive required website owners to offer users an opt-out option. This usually involved them making the necessary changes in their browser settings. Now the EU is saying that users must give their explicit consent before any information concerning them can be stored or accessed (opt-in approach). This means that users must be given clear and comprehensive information in advance about the purpose of the data storage or access.
EU member states have until 24 May 2011 to transpose the directive into national law. What form this will take in the individual countries will depend on the outcome of discussions currently underway between Internet companies, advertising firms, legislators and data protection authorities.
As Switzerland is not a member of the EU, the application of community law needs to be explicitly accepted. However, whichever way the decision goes, regulations will clearly also have an impact on providers and users based in Switzerland, which is why we are closely monitoring on-going discussions. We have also established contacts with industry representatives both in Switzerland and abroad. The purpose of our dialogue is to assess the consequences for Swiss companies and to help find solutions.
As a matter of principle, we welcome the proposed changes which will ensure that online marketing activities by means of cookies and other such instruments are rendered more compatible with data protection requirements. Nevertheless, we also need to ensure that the solutions that are adopted are user-friendly and easy to manage.