GDPR just went into effect in the end of May and a new EU regulation is heading upon us – the ePrivacy Regulation. It aims specifically to protect the confidentiality of electronic communications. This topic is already highly controversial among regulatory institutions and the business.
What you need to know
Why do we need this regulation, regarding the EU Commission
IT-based services are developing and evolving extremely fast. In response to this European Commission has undertaken major changes in the European legislation and data protection framework. The ePrivacy regulation is part of this efforts.
Here are the key points of the Commission’s proposal:
- New players: privacy rules will in the future also apply to new players providing electronic communications services such as WhatsApp, Facebook Messenger and Skype.
This will ensure that these popular services guarantee the same level of confidentiality of communications as traditional telecoms operators.
- Stronger rules: all people and businesses in the EU will enjoy the same level of protection of their electronic communications through this directly applicable regulation. Businesses will also benefit from one single set of rules across the EU.
- Communications content and metadata: privacy is guaranteed for communications content and metadata, e.g. time of a call and location. Metadata have a high privacy component and is to be anonymized or deleted if users did not give their consent, unless the data is needed for billing.
- New business opportunities: once consent is given for communications data – content and/or metadata – to be processed, traditional telecoms operators will have more opportunities to provide additional services and to develop their businesses. For example, they could produce heat maps indicating the presence of individuals; these could help public authorities and transport companies when developing new infrastructure projects.
- Simpler rules on cookies: the cookie provision, which has resulted in an overload of consent requests for internet users, will be streamlined. The new rule will be more user-friendly as browser settings will provide for an easy way to accept or refuse tracking cookies and other identifiers. The proposal also clarifies that no consent is needed for non-privacy intrusive cookies improving internet experience (e.g. to remember shopping cart history) or cookies used by a website to count the number of visitors.
- Protection against spam: this proposal bans unsolicited electronic communications by emails, SMS and automated calling machines. Depending on national law people will either be protected by default or be able to use a do-not-call list to not receive marketing phone calls. Marketing callers will need to display their phone number or use a special pre-fix that indicates a marketing call.
- More effective enforcement: the enforcement of the confidentiality rules in the Regulation will be the responsibility of data protection authorities, already in charge of the rules under the General Data Protection Regulation.
Source: European Commission
Although the Commission organized many discussions and workshops with the stakeholders there are many opponents of the new regulation. The Developers Alliance, a trade group representing Facebook, Google, Intel and dozens of app makers, said it could cost businesses in Europe more than 550 billion EUR, or about $640 billion, in annual lost revenue. And DigitalEurope, another tech trade group, said the legislation’s prohibitive approach “seriously undermines the development of Europe’s digital economy.”
One of their biggest concerns is that ePrivacy’s consent would hinder innovations, which automatically transmit safety information back to the manufacturer. They also point out that the requirement for companies to provide equal communication services to people who opt out of sharing their data cause sites or apps that rely on data-driven advertising to set fees or just close their business.
“Every stakeholder I have talked to from industry, from all sizes from the very biggest to the very smallest businesses, are unanimously opposed to this,” said Daniel Dalton, a member of the European Parliament from Britain.
Many tech companies and trade groups have started an intense lobbying to shut down, or at least weaken, the legislation.
What is your opinion about the new EU Regulation? Let us know in the comments.
If you would like to know more about ePrivacy or GDPR, contact us.