A new EU law regulating e-privacy is one step closer to seeing the light of day with the recent approval by MEPs within the European Parliament’s Civil Liberties Committee of stricter new privacy rules regulating electronic communications.

The legislative path for this new regulation, proposed by the European Commission earlier on this year, has not been all rosy. It lays down a number of strict controversial rules which, in the Commission’s view, are intended to ensure that the privacy of electronic communications is safeguarded on a par with other types of data. It is precisely this strict approach reflected in the regulatory rules being proposed which has been the source of much criticism and opposition from market players.

Amid much debate, the MEPs within the LIBE Committee have voted in favour of the Commission’s proposal to extend the new regulation to apply to not only traditional telecom service providers but also to digital services provided by newer players such as WhatsApp, Facebook Messenger and Skype. This means that these new privacy rules will apply not only to SMS and telephone services but also to internet-enabled services such as WhatsApp, Skype, Messenger and Facebook.

The Commission in its proposal wanted to ensure that privacy is guaranteed for communications content and metadata, that is that data which gives information about numbers called, websites visited, geographical location or the time and date a call is made, and other sensitive data.

In terms of the new rules, metadata will need to be anonymised or deleted unless users provide their consent and unless the data is needed for billing. MEPs have now agreed upon the need to set strict limits on data processing and insisted that data should only be used for the purpose for which consent has been given by the individual. They have also voted to ensure that metadata should be treated as confidential and never passed on to third parties.

The Commission had proposed simpler rules for cookies whereby browser settings will provide for an easy way to accept or refuse tracking cookies and other identifiers. It had also proposed that no consent will be needed for non-privacy intrusive cookies improving internet experience such as to remember shopping cart history or cookies used by a website to count the number of visitors.

MEPs have now agreed on a ban on cookie walls, which block access to a website if the person does not agree to his or her data being used by the same site. They have also made it clear that snooping on personal devices via cookies or software updates or tracking people without their clear approval through public hotspots or Wi-Fi in shopping centres, should also be prohibited.

“Privacy by default” settings should become standard for all software used for electronic communications and service providers must provide for strong encryption, the MEPs have emphasised.

The proposed regulation, as approved by the MEPs, also bans any unsolicited electronic communications by e-mails, SMS and automated calling machines.

The placing of direct marketing voice-to-voice calls to users will only be allowed in respect of those individuals who have not expressed their objection to receiving such communications.

The MEPs have proposed that member states must specifically make provision for the right of users to object to receiving the direct marketing voice-to-voice calls via a Do Not Call Register, thereby also ensuring that the user needs to opt out only once. Marketing callers will also need to display their phone number or use a special pre-fix that indicates a marketing call.

Despite the favourable vote adopted by the MEPs within this Committee, the proposed regulation is still a few legislative steps away from coming into force and has in fact now been tabled for its first reading at the European Parliament’s plenary session.

This proposed regulation ensuring privacy of electronic communications is intended to complement the General Data Protection Regulation set to come into force in May 2018. Through both legislative measures, the EU institutions clearly want to convey the message that there are no shortcuts to be taken where the protection of personal data and privacy of the individual are concerned. Indeed, the hefty fines for infringements by any subject person as provided for by both laws should surely serve as a deterrent to anyone contemplating circumventing the rules set out therein.

Mariosa Vella Cardona is a freelance legal consultant specialising in European law, competition law, consumer law and intellectual property law.

mariosa@vellacardona.com

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.