By Matthew Broersma
The European Union is looking to extend some of the privacy rules that currently apply to telecommunications companies to cover internet-based services such as Skype and WhatsApp in a way that could restrict their use of encryption, according to reports.
The EU’s plans could also oblige digital services to allow users to take content, such as copies of emails, with them when they change providers, according to reports from media outlets including The Financial Times and Reuters, all of which cited internal EU documents.
New Privacy Obligations
The privacy and confidentiality obligations for internet firms remain to be defined, according to the EU documents.
Currently 2002’s Privacy and Electronic Communications Directive, known as the ePrivacy Directive, applies only to telecoms providers such as Vodafone or Orange, and those providers have argued the rules place them at a disadvantage to web-based competitors.
Facebook’s WhatsApp, for instance, protects its communications with end-to-end encryption, while telecoms companies are barred from doing so, being subject to wiretapping and “lawful interception” demands by governments.
Apple’s mobile iMessage service also claims to offer end-to-end encryption, while Microsoft’s Skype encrypts communications but also says it monitors message content for the purposes of blocking fraud and other illegal activity.
The possible changes are part of a review to the ePrivacy rules announced by the EU in April, when it launched a public consultation seeking the views of stakeholders.
The EU said the review was motivated in part by the introduction of the General Data Protection Regulation this year, which is set to broadly alter Europe’s data protection environment.
While organizations including national data protection regulators, telecoms companies and internet firms have published their responses to the consultation, the EU’s own views have not previously been made public.
Orange pointed out in its response that internet-based services are “allowed to commercially exploit the traffic data and the location data they collect”, while telecoms firms are restricted in how they use such information.
In its response, Facebook argued against any extension of the ePrivacy rules, saying new restrictions could mean it would “no longer be able to guarantee the security and confidentiality of the communication through encryption” and therefore could “have the undesired consequence of undermining the very privacy it is seeking to protect”.
The European Commission has said it does not necessarily plan to treat all communications services the same for all purposes.
A broader reform of the EU’s telecoms rules is set to begin next month, and the Commission is proposing to take the opportunity to increase the term of spectrum licenses from 10 to 25 years, according to internal documents cited by Reuters.
That move, intended to introduce a more stable market for operators and encourage them to boost their investments, could face opposition from national governments, for whom spectrum license auctions have proven a lucrative source of income.
Under the results of a June referendum, the UK is set to exit the European Union, but EU laws are likely nevertheless to continue to influence British policies.