Push Notifications under E-Privacy Law: A Review and Outlook on the Interplay between Data Protection Law, E-Privacy Law and other Legal Acts

Abstract

Push notifications are widely used to inform users directly about messages, news and offers. Although the opt-in mechanisms implemented by all providers of push notifications might suggest straightforward compliance with e-privacy law, this popular phenomenon is a good example to discuss the current and future challenges under European e-privacy and data protection law. The use of push notifications raises intriguing legal questions under the e-privacy directive, the General Data Protection Regulation (EU) 2016/679 (GDPR) and the law of unfair commercial practices. The focus here is on questions related to the interaction of these different legal acts, the requirements for legal bases as well as the relationship between a consent requirement and the push notification permissions granted through system permission prompts on the devices. A closer look is necessary for the requirements of the e-privacy Directive with regard to the storage of information on the device, unsolicited communication and the question of whether push notifications constitute electronic mail or other forms of communication. Against this background, this article explores the complex legal landscape surrounding push notifications, addresses these legal challenges, and provides standards for push notifications using different scenarios. Finally, the article concludes with a discussion on how the current legal framework handles such an important phenomenon and considers what to expect from a potential e-privacy Regulation in this regard.