E-Gizlilik Tüzük Taslağının Son Versiyonu Üzerine Düşünceler
Year 2019,
Volume: 1 Issue: 2, 66 - 74, 27.12.2019
Leyla Keser Berber
,
Ayça Atabey
,
Melis Mert
Abstract
Geçtiğimiz
dönemde e-Gizlilik Tüzüğü’ne ilişkin birçok gelişme olmuştur. Özellikle
e-Gizlilik Tüzüğü’nün son taslak versiyonlarında (temel olarak 4 Ekim 2019, onu
takip eden 17 Ekim 2019 ve 30 Ekim 2019 tarihli taslaklar) yer alan
değişiklikler güncel tartışmalara konu olmuştur. Özellikle “rıza” kavramı
üzerinde duran bu tartışmalar çerçevesinde, rızanın GVKT uyarınca bir rıza
olması gerektiğinin de altı Avrupa Birliği Adalet Divanı’nın (ABAD) Verbraucherzentrale Bundesverband eV v.
Planet49 GmbH (C‑673/17) (Planet49
davası) kararında da çizilmiştir. E-Gizlilik Tüzüğü’nde “rıza” kavramına
ilişkin yeniliklerle beraber başka değişiklikler getirilmiş olsa da, bu
değişiklikler kapsamında sıkça görülen güncel tartışmalardaki endişelerin çoğu
“rıza” kavramına ilişkin kuralları ve bunların ilgili paydaşlar üzerindeki
olası etkisini içermektedir. Bu çalışmada e-Gizlilik taslağında görülen değişikliklere
genel olarak yer verilecek olsa da, asıl olarak “rıza” kavramı ve son
versiyonda yer almayan ancak tartışmalara sebebiyet veren maddeler üzerinde
durulacaktır.
References
- Article 29 Data Protection Working Party (Çalışma Grubu) (2018). Guidelines on consent under Regulation 2016/679. https://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=51030 sitesinden 22.10.2019 tarihinde alınmıştır.
- Avrupa Komisyonu (2019). Digital Privacy - Digital Single Market - European Commission <https://ec.europa.eu/digital-single-market/en/online-privacy> sitesinden 30.10.2019 tarihinde alınmıştır.
- Bergemann, B. (2018). The Consent Paradox: Accounting for the Prominent Role of Consent in Data Protection https://www.econstor.eu/bitstream/10419/180107/1/f-21375-full-text-Bergemann-2018-Consent_Paradox-v2.pdf sitesinden 30.10.2019 tarihinde alınmıştır.
- Bitkom (2018). Position Paper - Eprivacy Regulation <https://www.bitkom.org/sites/default/files/file/import/20180817-Bitkom-Position-Paper-on-ePrivacy-and-Presidency-Discussion-Paper-of-July-10.pdf> sitesinden 27.10.2019 tarihinde alınmıştır.
- Cookiebot (2019). 'Active Consent and The Case of Planet49 | CJEU | GDPR & Epr <https://www.cookiebot.com/en/active-consent-and-the-case-of-planet49/> sitesinden 29.10.2019 tarihinde alınmıştır.
- Debbie Heywood, D. (2018). 'Where is the Eprivacy Regulation? - Taylor Wessing's Global Data Hub' (Globaldatahub.taylorwessing.com, 2018) <https://globaldatahub.taylorwessing.com/article/where-is-the-eprivacy-regulation> sitesinden 30.10.2019 tarihinde alınmıştır.
- Dreyer, S., Schulz, W. (2019). The General Data Protection Regulation And Automated Decision-Making: Will It Deliver? Potentials And Limitations In Ensuring The Rights And Freedoms Of Individuals, Groups And Society As A Whole <https://ethicsofalgorithms.org/wp-content/uploads/sites/10/2019/01/GDPR_withoutCover-1.pdf> sitesinden
29.10.2019 tarihinde alınmıştır.
- European Data Protection Board (EDPB) (2019). Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPRGVKT, in particular regarding the competence, tasks and powers of data protection authorities Adopted on 12 March 2019 https://edpb.europa.eu/our-work-tools/our-documents/stanovisko-vyboru-cl-64/opinion-52019-interplay-between-eprivacy_en https://edpb.europa.eu/sites/edpb/files/files/file1/201905_edpb_opinion_eprivacydir_GVKT_interplay_en_0.pdf sitesinden 30.10.2019 tarihinde alınmıştır.28 Ekim 2019 tarihinde erişildi.
- Finck, M. (2019) Blockchain And The General Data Protection Regulation Can Distributed Ledgers Be Squared With European Data Protection Law <https://www.europarl.europa.eu/RegData/etudes/STUD/2019/634445/EPRS_STU(2019)634445_EN.pdf> sitesinden 30.10.2019 tarihinde alınmıştır.
- Information Commissioner’s Office (ICO) (2018). Direct Marketing Guidance <https://ico.org.uk/media/for-organisations/documents/1555/direct-marketing-guidance.pdf/> sitesinden 26.10.2019 tarihinde alınmıştır.
- Information Commissioner’s Office (ICO) (2019). Blog: Cookies – What Does ‘Good’ Look Like? <https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/blog-cookies-what-does-good-look-like/> sitesinden 26.10.2019 tarihinde alınmıştır.
- Information Commissioner’s Office (ICO) (2019). Update report into adtech and real time bidding <https://ico.org.uk/media/about-the-ico/documents/2615156/adtech-real-time-bidding-report-201906.pdf> sitesinden 26.10.2019 tarihinde alınmıştır.
- Inside Privacy (2019). New Draft Eprivacy Regulation Released <https://www.insideprivacy.com/international/european-union/new-draft-eprivacy-regulation-released/> sitesinden 26.10.2019 tarihinde alınmıştır.
- Marotta, V. Abhishek V., Acquisti A. (2019). Online Tracking and Publishers’ Revenues: An Empirical Analysis The 2019 Workshop on the Economics of Information Security https://weis2019.econinfosec.org/wp-content/uploads/sites/6/2019/05/WEIS_2019_paper_38.pdf sitesinden 30.10.2019 tarihinde alınmıştır.
- Mikkelsen, D., Soller H., Jansson, M. (2018). What Will Europe’S E-Privacy Regulation Mean for Your Business? <https://www.mckinsey.com/business-functions/risk/our-insights/what-will-europes-eprivacy-regulation-mean-for-your-business> sitesinden 26.10.2019 tarihinde alınmıştır.
- 'Proposal For A Regulation Of The European Parliament And Of The Council Concerning The Respect For Private Life And The Protection Of Personal Data In Electronic Communications And Repealing Directive 2002/58/EC (Regulation On Privacy And Electronic Communications) COM/2017/010 Final - 2017/03 (COD)' (Eur-lex.europa.eu, 2019) <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52017PC0010> sitesinden 30.10.2019 tarihinde alınmıştır.28 Ekim 2019 tarihinde erişildi.
- 'Proposal For A Regulation Of The European Parliament And Of The Council Concerning The Respect For Private Life And The Protection Of Personal Data In Electronic Communications And Repealing Directive 2002/58/EC (Regulation On Privacy And Electronic Communications) - Dated 17 October 2019' (Data.consilium.europa.eu, 2019) http://data.consilium.europa.eu/doc/document/ST-13080-2019-INIT/EN/pdf sitesinden 30.10.2019 tarihinde alınmıştır.
- 'Proposal For A Regulation Of The European Parliament And Of The Council Concerning The Respect For Private Life And The Protection Of Personal Data In Electronic Communications And Repealing Directive 2002/58/EC (Regulation On Privacy And Electronic Communications) - Dated 30 October 2019' (Data.consilium.europa.eu, 2019) https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CONSIL:ST_13632_2019_INIT&from=EN sitesinden 30.10.2019 tarihinde alınmıştır.
- 'Proposal For A Regulation Of The European Parliament And Of The Council Concerning The Respect For Private Life And The Protection Of Personal Data In Electronic Communications And Repealing Directive 2002/58/EC (Regulation On Privacy And Electronic Communications) Dated 4 October 2019' (Data.consilium.europa.eu, 2019) <https://data.consilium.europa.eu/doc/document/ST-12633-2019-INIT/en/pdf#page41> sitesinden 30.10.2019 tarihinde alınmıştır.
- Ryan, J. (2019). Brave Writes To All European Governments To Press For Strong Eprivacy Protections <https://brave.com/eprivacy-october2019/> sitesinden 26.10.2019 tarihinde alınmıştır.
- Schmidt, D. (2018). Google Data Collection <https://www.ftc.gov/system/files/documents/public_comments/2018/08/ftc-2018-0074-d-0018-155525.pdf> sitesinden 30.10.2019 tarihinde alınmıştır.
- Spool, J. (2011). Do Users Change their Settings UIE, Eylül 2011 <https://archive.uie.com/brainsparks/2011/09/14/do-users-change-their-settings/> sitesinden 26.10.2019 tarihinde alınmıştır.
- Toner, A. (2019). Industry Support for Privacy Protection In An Eprivacy Regulation <https://brave.com/wp-content/uploads/2019/10/Brave-Industry-support-for-ePrivacy-
Regulation-10-October-2019.pdf> sitesinden 26.10.2019 tarihinde alınmıştır.
Commentary on the Latest Draft of the e-Privacy Regulation
Year 2019,
Volume: 1 Issue: 2, 66 - 74, 27.12.2019
Leyla Keser Berber
,
Ayça Atabey
,
Melis Mert
Abstract
Recently, there
have been many developments regarding the upcoming e-Privacy Regulation. In
particular, changes in the latest draft versions of the e-Privacy Regulation (mainly
4 October 2019, subsequent drafts of 17 October 2019 and 30 October 2019) have
become soaring topics in the debates rotating around the fundamental rights of
data protection and privacy, mainly focusing on the issue of “consent”. Another
recent development concerning the changes that will be brought by the
long-waited enactment of the ePrivacy Regulation concerns the Court of Justice
of the European Union’s ruling (CJEU) in the case of Planet49 where the Court
found that the only form of valid consent for processing user data in the EU is
explicit consent. This decision has underscored the importance of developing a
true understanding of the interplay between the GDPR and the ePrivacy
Regulation. Although there are other novelties and changes that are brought
with the e-Privacy Regulation, in the current discussions the main concerns
relate to the rules on the notion of “consent” and such changes’ possible
impact on different stakeholders. In this study, although the changes that are
seen in the e-Privacy Regulation will be mentioned in general, the main focus
will be on the notion of consent and a discussion will be carried out by
referring to the relevant Articles under the latest ePrivacy Regulation draft
proposal released in October 2019.
References
- Article 29 Data Protection Working Party (Çalışma Grubu) (2018). Guidelines on consent under Regulation 2016/679. https://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=51030 sitesinden 22.10.2019 tarihinde alınmıştır.
- Avrupa Komisyonu (2019). Digital Privacy - Digital Single Market - European Commission <https://ec.europa.eu/digital-single-market/en/online-privacy> sitesinden 30.10.2019 tarihinde alınmıştır.
- Bergemann, B. (2018). The Consent Paradox: Accounting for the Prominent Role of Consent in Data Protection https://www.econstor.eu/bitstream/10419/180107/1/f-21375-full-text-Bergemann-2018-Consent_Paradox-v2.pdf sitesinden 30.10.2019 tarihinde alınmıştır.
- Bitkom (2018). Position Paper - Eprivacy Regulation <https://www.bitkom.org/sites/default/files/file/import/20180817-Bitkom-Position-Paper-on-ePrivacy-and-Presidency-Discussion-Paper-of-July-10.pdf> sitesinden 27.10.2019 tarihinde alınmıştır.
- Cookiebot (2019). 'Active Consent and The Case of Planet49 | CJEU | GDPR & Epr <https://www.cookiebot.com/en/active-consent-and-the-case-of-planet49/> sitesinden 29.10.2019 tarihinde alınmıştır.
- Debbie Heywood, D. (2018). 'Where is the Eprivacy Regulation? - Taylor Wessing's Global Data Hub' (Globaldatahub.taylorwessing.com, 2018) <https://globaldatahub.taylorwessing.com/article/where-is-the-eprivacy-regulation> sitesinden 30.10.2019 tarihinde alınmıştır.
- Dreyer, S., Schulz, W. (2019). The General Data Protection Regulation And Automated Decision-Making: Will It Deliver? Potentials And Limitations In Ensuring The Rights And Freedoms Of Individuals, Groups And Society As A Whole <https://ethicsofalgorithms.org/wp-content/uploads/sites/10/2019/01/GDPR_withoutCover-1.pdf> sitesinden
29.10.2019 tarihinde alınmıştır.
- European Data Protection Board (EDPB) (2019). Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPRGVKT, in particular regarding the competence, tasks and powers of data protection authorities Adopted on 12 March 2019 https://edpb.europa.eu/our-work-tools/our-documents/stanovisko-vyboru-cl-64/opinion-52019-interplay-between-eprivacy_en https://edpb.europa.eu/sites/edpb/files/files/file1/201905_edpb_opinion_eprivacydir_GVKT_interplay_en_0.pdf sitesinden 30.10.2019 tarihinde alınmıştır.28 Ekim 2019 tarihinde erişildi.
- Finck, M. (2019) Blockchain And The General Data Protection Regulation Can Distributed Ledgers Be Squared With European Data Protection Law <https://www.europarl.europa.eu/RegData/etudes/STUD/2019/634445/EPRS_STU(2019)634445_EN.pdf> sitesinden 30.10.2019 tarihinde alınmıştır.
- Information Commissioner’s Office (ICO) (2018). Direct Marketing Guidance <https://ico.org.uk/media/for-organisations/documents/1555/direct-marketing-guidance.pdf/> sitesinden 26.10.2019 tarihinde alınmıştır.
- Information Commissioner’s Office (ICO) (2019). Blog: Cookies – What Does ‘Good’ Look Like? <https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/blog-cookies-what-does-good-look-like/> sitesinden 26.10.2019 tarihinde alınmıştır.
- Information Commissioner’s Office (ICO) (2019). Update report into adtech and real time bidding <https://ico.org.uk/media/about-the-ico/documents/2615156/adtech-real-time-bidding-report-201906.pdf> sitesinden 26.10.2019 tarihinde alınmıştır.
- Inside Privacy (2019). New Draft Eprivacy Regulation Released <https://www.insideprivacy.com/international/european-union/new-draft-eprivacy-regulation-released/> sitesinden 26.10.2019 tarihinde alınmıştır.
- Marotta, V. Abhishek V., Acquisti A. (2019). Online Tracking and Publishers’ Revenues: An Empirical Analysis The 2019 Workshop on the Economics of Information Security https://weis2019.econinfosec.org/wp-content/uploads/sites/6/2019/05/WEIS_2019_paper_38.pdf sitesinden 30.10.2019 tarihinde alınmıştır.
- Mikkelsen, D., Soller H., Jansson, M. (2018). What Will Europe’S E-Privacy Regulation Mean for Your Business? <https://www.mckinsey.com/business-functions/risk/our-insights/what-will-europes-eprivacy-regulation-mean-for-your-business> sitesinden 26.10.2019 tarihinde alınmıştır.
- 'Proposal For A Regulation Of The European Parliament And Of The Council Concerning The Respect For Private Life And The Protection Of Personal Data In Electronic Communications And Repealing Directive 2002/58/EC (Regulation On Privacy And Electronic Communications) COM/2017/010 Final - 2017/03 (COD)' (Eur-lex.europa.eu, 2019) <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52017PC0010> sitesinden 30.10.2019 tarihinde alınmıştır.28 Ekim 2019 tarihinde erişildi.
- 'Proposal For A Regulation Of The European Parliament And Of The Council Concerning The Respect For Private Life And The Protection Of Personal Data In Electronic Communications And Repealing Directive 2002/58/EC (Regulation On Privacy And Electronic Communications) - Dated 17 October 2019' (Data.consilium.europa.eu, 2019) http://data.consilium.europa.eu/doc/document/ST-13080-2019-INIT/EN/pdf sitesinden 30.10.2019 tarihinde alınmıştır.
- 'Proposal For A Regulation Of The European Parliament And Of The Council Concerning The Respect For Private Life And The Protection Of Personal Data In Electronic Communications And Repealing Directive 2002/58/EC (Regulation On Privacy And Electronic Communications) - Dated 30 October 2019' (Data.consilium.europa.eu, 2019) https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CONSIL:ST_13632_2019_INIT&from=EN sitesinden 30.10.2019 tarihinde alınmıştır.
- 'Proposal For A Regulation Of The European Parliament And Of The Council Concerning The Respect For Private Life And The Protection Of Personal Data In Electronic Communications And Repealing Directive 2002/58/EC (Regulation On Privacy And Electronic Communications) Dated 4 October 2019' (Data.consilium.europa.eu, 2019) <https://data.consilium.europa.eu/doc/document/ST-12633-2019-INIT/en/pdf#page41> sitesinden 30.10.2019 tarihinde alınmıştır.
- Ryan, J. (2019). Brave Writes To All European Governments To Press For Strong Eprivacy Protections <https://brave.com/eprivacy-october2019/> sitesinden 26.10.2019 tarihinde alınmıştır.
- Schmidt, D. (2018). Google Data Collection <https://www.ftc.gov/system/files/documents/public_comments/2018/08/ftc-2018-0074-d-0018-155525.pdf> sitesinden 30.10.2019 tarihinde alınmıştır.
- Spool, J. (2011). Do Users Change their Settings UIE, Eylül 2011 <https://archive.uie.com/brainsparks/2011/09/14/do-users-change-their-settings/> sitesinden 26.10.2019 tarihinde alınmıştır.
- Toner, A. (2019). Industry Support for Privacy Protection In An Eprivacy Regulation <https://brave.com/wp-content/uploads/2019/10/Brave-Industry-support-for-ePrivacy-
Regulation-10-October-2019.pdf> sitesinden 26.10.2019 tarihinde alınmıştır.