EU states agree reform of telecom privacy rules after 4 years of negotiations

News General Europe 10 FEB 2021
EU states agree reform of telecom privacy rules after 4 years of negotiations

The EU states have reached a compromise on reforming the ePrivacy directive, which covers privacy protection over communications networks. Work to reform the directive from 2002 started four years ago, in an attempt to extend the provisions to new forms of communication over the internet and mobile apps. Telecom operators said they support the underlying principle of confidentiality of communications, but want to ensure they are on a level regulatory footing with OTT services.

The agreement was reached by the Coreper, the committee of EU members' representatives in Brussels. A final text for the new regulation must still be negotiated with the European Parliament before it can be voted and take effect. The EU states would then have two years to implement the changes.

The ePrivacy directive complements the EU's General Data Protection Regulation of 2018 and applies specifically to public communications networks. In addition to guaranteeing the privacy of communications over those networks, the new regulation would protect metadata associated with the communications and machine-to-machine data for the emerging IoT services market. It covers end-users in the EU, including companies outside the EU that process data on EU subjects.

The telecom operators had lobbied for the right to use metadata collected from their networks to provide new commercial services, such as location analytics for businesses based on anonymised phone signals on mobile networks. They noted that companies such as Google and Apple already have access to GPS data from users' phones, so they should be allowed to monetise similar data from telecom networks. 

The Portuguese presidency of the EU said metadata may be processed for instance for billing, or for detecting fraud. With the user’s consent, service providers also could use metadata for public services, for example for tracking people's movement during a pandemic or emergency, or helping to plan transport infrastructure. Furthermore, in certain cases, telecom operators could use metadata for a purpose other than that for which it was collected, even when this is not based on the user’s consent or outlined in EU or national law. This processing for another purpose must be "compatible with the initial purpose, and strong specific safeguards apply to it", the Council said.

Mobile phone makers also will face tighter controls of their use of personal data. As both the mobile hardware and software may store highly personal information, such as photos and contact lists, the use of processing and storage capabilities and the collection of information from the device will only be allowed with the user’s consent or for other specific transparent purposes laid down in the regulation.

The compromise was largely welcomed by telecom industry groups such as ETNO and the GSMA. Their main concern is ensuring that the final text does not vary significantly from the requirements of the GDPR, so the telecom sector is not put at a disadvantage compared to other industries. EuroISPA seconded that concern, noting there also needs to be clarity on which regulator has authority in enforcing the rules.

The CCIA, which represents most major internet companies, also wants clarity on potential overlap between the GDPR and the new rules for online communications and connected devices. This is also important in ensuring consistent enforcement across the EU, the group said.

Cookies fatigue

The other controversial element of the directive has been the regulation of website cookies. The EU said it wants to reform the system so internet users have a "genuine choice" whether to accept cookies or similar identifiers. Under the new rules, sites with a paywall or required cookies may not refuse access and instead must provide a third alternative of a website with equivalent content and no mandatory cookies.

The EU also wants to make it easier for people to manage cookies. They should be able to give consent to the use of certain types of cookies by whitelisting one or several providers in their browser settings. The browser developers will be encouraged to make it easy for users to set up and amend the whitelists and withdraw consent at any moment.

Categories:

General

Companies:

AppleEuropean CommissionGoogle

Regions:

Europe

Tags:

Voice services, Data services, Messaging, Regulations, Location Based Services, Legislation - Lawsuits

Related Articles

EUROPE 19 NOV

EU proposes digital omnibus law to simplify security reporting, slow AI requirements

The European Commission has published the Digital Omnibus, a new law designed to simplify the EU's digital legislation and reduce the administrative burden for businesses covered by the regulations. Part of a wider push under the current Commission to simplify EU rules in order to improve the bloc's competitiveness, the Digital Omnibus covers multiple topics, including consolidating the various cybersecurity incident reporting requirements into a single portal, a longer implementation period for the AI Act,

INDIA 3 JAN 2022

India starts probe into App Store practices

The Competition Commission of India (CCI) has started an investigation into Apple's practices on its App Store. The CCI noted that third-party app stores are not allowed to list on the store due to developer guidelines and agreements. "These restrictions imposed by Apple forecloses the market for app stores for iOS for potential app distributors," the order reads. The move follows a complaint from NGO Together We Fight Society, which says Apple contravenes the country's Competition Act.

EUROPE 15 NOV 2021

EuroISPA and others call for 'robust, future-proof' EU Digital Services Act

EuroISPA, the association of European ISPs, said it is one of 15 European trade associations to sign a joint letter calling on MEPs to ensure that the proposed EU Digital Services Act (DSA) remains a "workable, balanced, and future-proof legislation". Above all, the associations representing startups, SMEs, technology, advertising, digital and media organisations urge the MEPs to guarantee that the cost of compliance with the DSA does not turn into an entry barrier for the smallest providers and hinder them

EUROPE 26 JUL 2021

EU regulators tell Google to improve compliance with consumer protection regulations

Google needs to work harder at living up to consumer protection rules in the EU, according to a study by the Dutch authority ACM and its Belgian counterpart the Economic Inspection. On behalf of the Consumer Protection Cooperation Network operated with the European Commission, the national regulators investigated several Google services, including the search engine and Play Store. Their work found Google lacking in several areas, and recommendations for improvement were drawn up. If Google does not implemen

EUROPE 12 MEI 2021

EU consults on guiding principles of 'digital decade'

The European Commission has followed the 'digital decade' communication it issued in March by launching a public consultation the set of principles required to "promote and uphold EU values in the digital space". The consultation, open until 02 September, seeks to open a wide societal debate and gather views from EU citizens, non-governmental and civil society organisations, businesses, administrations and all interested parties are invited to contribute by 02 September, after which the Commission will set

EUROPE 26 APR 2021

EU to launch cross-border online age verification system in 2022

The European Commission said a consortium of twelve of the continent's leading academic institutions, NGOs and technology providers has been awarded EU funding to create a cross-border system for online age verification and parental consent. The ultimate aim of the 18-month project is to enable service providers to verify the age of their users to protect them from harmful content and ensure that younger children have parental consent before they share personal data.

GLOBAL 17 MRT 2021

Norwegian Consumer Council wants Grindr to be forced to delete illegally gathered personal data

The Norwegian Consumer Council is asking the country's the Data Protection Authority to impose measures to ensure that the dating application Grindr identifies and deletes illegally collected personal data. The authority had already announced a fine of NOK 100 million against the app, or about 10 percent of Grindr's annual global revenue.

EUROPE 11 FEB 2021

EU-lidstaten na 4 jaar onderhandelen eens over hervorming van privacyregels voor telecom

De EU-landen hebben een compromis bereikt over de hervorming van de ePrivacy-richtlijn, die de bescherming van de privacy via communicatienetwerken bepaalt. Vier jaar geleden is begonnen met de hervorming van de richtlijn uit 2002 in een poging de bepalingen uit te breiden tot nieuwe vormen van communicatie via internet en mobiele apps. Telecomexploitanten zeiden dat ze het onderliggende principe van vertrouwelijkheid van communicatie ondersteunen, maar willen ervoor zorgen dat ze op wat betreft wetgeving o

EUROPE 6 NOV 2020

EU mobile operators reject latest proposal to reform ePrivacy regulation

The European mobile industry has criticised the latest proposal to reform the EU's ePrivacy regulation, which covers privacy of communications over telecom networks. The mobile operators want more freedom to monetise metadata from their networks. Industry groups GSMA and ETNO said that the current EU president Germany was not listening to the interests of other states and instead favouring its own political interests. 

EUROPE 26 MRT 2020

EU privacy regulators back plan to use telecom data to track coronavirus

The European Data Protection Supervisor has backed the European Commission's plans to collect anonymised data from telecom operators to help track developments in the coronavirus crisis. The EDPS said the plans do not violate EU data protection laws. The EDPB earlier expressed a similar stance, saying national legislation on the matter is also possible. 

EUROPE 25 NOV 2019

EU member states fail to agree on ePrivacy rules

EU member states have failed to agree on the scope of the proposed ePrivacy directive at a meeting of the Permanent Representatives Committee of the EU Council, reports Reuters. The draft directive for new privacy regulations on electronic communications was proposed back in January 2017 but EU countries have made little progress on approving the text, with several criticising the ePrivacy proposal as too restrictive, said the report.

EUROPE 9 OKT 2019

Industry groups call on EU to reconsider ePrivacy proposal

A total of 61 European trade associations, including EuroISPA, have published an open letter urging EU Member States to ask the European Commission to reassess its proposal for an ePrivacy Regulation. The draft directive for new privacy regulations on electronic communications was proposed back in January 2017 but has made little progress on approving the text. However, the coalition of trade groups said several questions about the essential aspects of the proposal remain unanswered.

EUROPE 22 NOV 2018

EU states delay vote on ePrivacy reform

EU telecom ministers will not vote on the ePrivacy reform at their next meeting in December. This means the new directive is unlikely to be approved before the European elections next May. 

EUROPE 19 OKT 2018

EDPS calls for urgent adoption of new ePrivacy law

The European Data Protection Supervisor (EDPS) has called for urgent adoption of the reform of European ePrivacy regulation first proposed by the European Commission back in January 2017. In a blog post, the EU's top privacy official Giovanni Buttarelli said the reform is crucial to protect the fundamental rights to privacy and the protection of personal data in the digital age. He urged lawmakers to advance quickly to allow legal certainty and a level playing field for market operators, with the reform des

EUROPE 13 JUL 2018

ETNO welcomes Austrian draft on ePrivacy regulation

EU telecom operators have welcomed a new draft of the ePrivacy regulation proposed by the Austrian presidency of the EU to Council members. The draft notably relaxes some of the restrictions on processing communications metadata. The Council's working party on telecom issues will meet 17 July to discuss the draft, in an attempt to finalise its position and open negotiations with the European Parliament on the final text. 

Just In

19 DEC 16:42

SLT-Mobitel launches 5G network in Sri Lanka

19 DEC 16:19

Dialog Axiata launches 5G network, connects 1.5 million subscribers

19 DEC 15:56

UK govt to ban AI-enabled nudification apps to protect women, girls

19 DEC 15:42

3 UK launches last-minute Christmas sale

Commentary

13:56

Video market set for slower growth ahead

11:38

Netflix buys Warner Bros to deepen content catalogue

11:11

KPN's mixed performance in Q3 raises questions for strategy day

15:26

Stock markets breaking records but what happened to Odido's IPO plans?

Background

01:04

The week in telecom: Wi-Fi bolt-ons take off to boost broadband growth, video market works on consolidation

01:39

The week in telecom: Netflix wins bidding for Warner Bros, Apple poaches new execs, Samsung debuts trifold

13:51

Proximus vs. Telenet: Proximus performs better in Q3 while Telenet uses up cash

14:16

Proximus Domestic still struggling with low margins

Complete profile

Before downloading the whitepaper, we would like to ask you to complete your profile with company and position. After confirming you will receive the white paper.