The European Commission has officially abandoned its proposal to update the ePrivacy Directive, a move that has been anticipated for some time. The decision to withdraw the proposal, which aimed to strengthen online privacy rules and put penalties on par with the General Data Protection Regulation (GDPR), comes after years of stalemate and intense industry lobbying.

The original proposal, dating back to 2017, sought to turn the ePrivacy Directive into a fully-fledged EU regulation, ensuring that entities obtain affirmative consent from consumers to track and profile them online. However, the effort was met with strong resistance from tech giants and telcos, whose businesses would have been significantly impacted by the proposed changes.

Documents unsealed in a US antitrust lawsuit in 2021 revealed that Google had attempted to mobilize other tech giants to delay and ultimately derail the reform. Additionally, a Politico report from 2020 named Amazon as another major player involved in efforts to weaken support among EU co-legislators for the proposal.

The dominance of behavioral advertising business models, which rely on tracking and profiling web users to monetize people's attention, raised the commercial stakes for any reform of EU ePrivacy rules. The proposal's demise means that online privacy convenience for European consumers will remain elusive, with commercial actors continuing to make it difficult for users to protect their information online.

Despite the withdrawal of the proposal, the EU's existing e-Privacy rules remain in force. In recent years, several tech giants, including Google, Amazon, Facebook (aka Meta), and TikTok, have faced sanctions for breaching these rules, with fines totaling millions of euros.

Independent researcher and consultant Dr. Lukasz Olejnik, who has tracked the policy area for years, believes that the proposal's chances of reaching a compromise were scuppered by bad timing and intense industry lobbying. "The unwarranted GDPR scare killed it, and the current climate for hostility towards regulations is not a good time to edit any data protection-related files, which could severely backfire, even significantly weaken the GDPR," he said.

A source inside the Commission, who wished to remain anonymous, echoed Olejnik's analysis, suggesting that the original proposal was not well-conceived and that the momentum was lost after the GDPR negotiations. "If GDPR can't tame the billionaires, why would ePrivacy? The issue is business models, market power, and police efforts to kill E2EE [end-to-end encryption]," they said.

The withdrawal of the ePrivacy Regulation proposal raises questions about the future of regulating online tracking in the EU. With the existing ePrivacy rules remaining in force, there may be increased uncertainty and more wiggle room for technologists to evolve their approaches, potentially staying outside the radar of regulators.

Meanwhile, the Commission has outlined its 2025 work program, which prioritizes competitiveness and economic growth through support for tech innovations like AI. The program includes plans for an Innovation Act, a Digital Networks Act, a Cloud and AI Development Act, and an AI Continent Action Plan, among others. However, consumer protection appears to have taken a backseat, with the Commission's next Consumer Agenda 2025-2030 aiming to "balance" consumer interests with business needs.

The EU's decision to abandon the ePrivacy Regulation proposal marks a significant setback for online privacy advocates and raises concerns about the ability of regulators to keep pace with rapidly evolving technologies and business models.