EU calls for tighter privacy rules for web communications

The new rules could impact the ability of web companies to generate advertising revenue

Online messaging platforms such as Gmail and WhatsApp may face stricter rules when it comes to tracking customer data, following a proposal made to the European Union on Tuesday.

Websites will be required by law to protect the confidentiality of users and their conversations, including a requirement to seek consent before tracking online activity in an effort to create personalised adverts.

Advertisement - Article continues below

This will significantly impact the activities of websites such as Gmail and Hotmail, which under the proposed rules would need to ask for consent before scanning user emails for use in targeted advertising, something they are currently able to do without consulting the customer.

By updating the current regulations, "all people and businesses in the EU will enjoy the same level of protection for their electronic communications", the proposal states.

The changes would extend rules that currently only apply to telecommunications to web-based messaging services, closing a regulatory gap between traditional telecoms services and relatively newer players, such as Microsoft and Facebook.

As a result of standardised regulations, telecommunication services will be able to make use of tracking data, such as the location and duration of calls, to deliver new services and increase revenues, something they are currently banned from doing.

Advertisement
Advertisement - Article continues below

"Our proposals will deliver the trust in the Digital Single Market that people expect," said Andrus Ansip, vice president for the Digital Single Market. "I want to ensure confidentiality of electronic communications and privacy. Our draft ePrivacy Regulation strikes the right balance: it provides a high level of protection for consumers, while allowing businesses to innovate."

Advertisement - Article continues below

Additional proposed alterations to the current 'e-Privacy' law will force web browsers, at the point of installation, to ask users if they want websites to place cookies on their browser.

"The so called 'cookie provision', which has resulted in an overload of consent requests for internet users, will be streamlined," reads the proposal. "New rules will allow users to be more in control of their settings, providing an easy way to accept or refuse the tracking of cookies and other identifiers in case of privacy risks."

Internet users will be used to websites requesting their consent to the use of cookies that allow advertisers to track activity, including where users have logged in from. However, cookies that are required to run for the purpose of user experience, such as an online shopping cart, will no longer require consent from the user.

Spam electronic communications will also be banned, and marketing calls will be required to show their phone number or an easily identifiable prefix so users are aware of its purpose.

Advertisement - Article continues below

Failure to abide by the new regulations would lead to a fine of up to 4% of a company's global turnover, inline with the General Data Protection Regulation (GDPR) to be applied in 2018.

Online advertisers have warned that overly strict regulation will harm revenue and diminish the ability for many websites to offer free content.

"It will particularly hit those companies that find it most difficult to talk directly to end users and what I mean by that is tech companies that operate in the background and sort of facilitate the buying and selling of advertising, rather than the ones that the user directly engages with," said Yves Schwarzbart, head of policy and regulatory affairs at the Internet Advertising Bureau (IAB), speaking to Reuters.

IT Pro has approached Google and Facebook for their responses to the proposed rule changes, but has yet to receive a reply.

Before becoming law, the proposal will first require approval from the European Parliament and member states, before seeking adoption by the 25 May 2018 alongside the already ratified General Data Protection Regulation.

Advertisement
Advertisement

Recommended

Visit/policy-legislation/data-protection/355184/supreme-court-finds-morrisons-was-not-liable-for-2014
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020
Visit/security/privacy/355048/government-may-trace-covid-19-patients-using-mobile-phone-data
privacy

UK government may trace COVID-19 patients using mobile phone data

20 Mar 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354842/irish-data-regulator-racks-up
General Data Protection Regulation (GDPR)

Irish data regulator racks up GDPR cases against Big Tech

24 Feb 2020
Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020