European Commission Issues Draft ePrivacy Rules For All Digital Providers

The European Commission (EC) has published its proposal to update laws on the confidentiality and security of electronic communications by extending measures to all businesses that offer digital communication services.

The new ePrivacy Regulation is intended to replace Directive 2002/58/EC and align all rules for electronic communications with the General Data Protection Regulation (GDPR) introduced last year and due to enter into application by 25 May 2018. Above all, the EC proposes that privacy rules also cover new providers of electronic communications services, such as WhatsApp, Facebook Messenger, Skype, Gmail, iMessage, or Viber, and not just traditional telecom operators. “Our proposals will deliver the trust in the Digital Single Market that people expect,” said EC Vice-President Andrus Ansip, adding that “our draft ePrivacy Regulation strikes the right balance: it provides a high level of protection for consumers, while allowing businesses to innovate."

Under the proposed rules, user privacy will need to be guaranteed for both content and metadata derived from electronic communications (such as the time of a call and location), which will need to be anonymized or deleted if users have not given their consent, unless the data is required for purposes such as billing.

Other measures included in the ePrivacy draft are the proposed banning of "unsolicited electronic communication", or spam, by any means, including emails, SMS and even by phone calls if users have not given their consent. The proposal also removes the obligation on websites to ask visitors for permission to place cookies on their browsers via a banner if they are “non-privacy intrusive” cookies designed to improve the internet experience.

Industry groups ETNO and the GSMA said they shared the EC’s goal to protect the confidentiality of electronic communications and establish a harmonized framework for electronic communications data but reiterated their position that the new e-Privacy Regulation fails to allow a customer-friendly and innovation-ready approach. In a statement they said the GDPR already provides sufficient safeguards for protecting privacy, and the communications sector should not be singled out for additional rules.

“While we embrace the need to fully protect consumers, we believe that the General Data Protection Regulation already provides a technologically-neutral and future-oriented framework to this end,” said the industry bodies, adding that “a trust-based use of the data collected by telecom operators is crucial to realizing the benefits of the Digital Single Market.”
Source: Telecompaper