The co-legislators should preserve the exemption for the “services requested by the end-user” to allow data collection from terminal equipment, as this is the only way insurers can continue to offer telematics-based insurance products.
These types of innovative services strongly benefit consumers by rewarding low-risk drivers with lower premiums, while also improving road safety. To enable insurers to continue providing such innovative services, it is important that the e-Privacy Regulation includes a legal basis that provides sufficient legal certainty to collect data from the terminal equipment.
However, only the Council’s position would provide the legal certainty insurers need to continue offering such products, as there is no exemption in either the Commission’s or the Parliament’s positions that provides for such certainty.
Insurance Europe also recommends safeguarding the current interplay between the e-Privacy Directive and the General Data Protection Regulation (GDPR) regarding the collection and processing of data from terminal equipment. Currently, as highlighted by the European Data Protection Board, the collection of data from the user’s terminal equipment is protected under the current e-Privacy Directive, with any subsequent processing of personal data falling under article 6 of the GDPR.
Unlike a fixed list of exemptions, as proposed by the new e-Privacy Regulation, the GDPR’s principles- and risk-based approach allows for the needed flexibility to process personal data in situations where relying on consent is not always possible or feasible.
It should also be noted that all legal grounds for processing personal data under the GDPR already provide consumers with enhanced protection compared to the current ePrivacy Directive.
e-Privacy Paper
|