EU proposes mandatory end-to-end encryption for all citizens

The proposal contradicts the UK government's stance on communication encryption

A European Parliament committee wants end-to-end encryption to be compulsory for all forms of digital communication, in a bid to improve the safeguards around online privacy for citizens within the EU.

A draft legislation submitted by the Committee on Civil Liberties, Justice and Home Affairs, attempts to harmonise online privacy rules by ensuring the same level of protection regardless of the service used.

The proposal would force all "providers of electronic communications services", such as apps like WhatsApp or mobile network operators, to place end-to-end encryption on all communicated data, to ensure that the "confidentiality and safety of the transmission are guaranteed".

With end-to-end encryption, service providers would not have access to the decryption key needed to "listen" in on the data being shared, with the sender and recipient the only parties able to see the communications.

Advertisement - Article continues below

The proposal seeks to repeal the current ePrivacy Directive launched in 2002 in an effort to "modernise" data protection frameworks alongside the implementation of GDPR next year. This will therefore need to be approved by the European Parliament and the European Council before it can be made law.

However, the committee argues that the older directive does not take into account new means of communications, such as the rise of IoT networks, which present "new challenges and risks concerning the privacy and protection of personal data of individuals".

This directly counters the narrative coming from the UK government over the monitoring of communications, which has said that tech firms should be providing authorities with a means to bypassing end-to-end encryption.

Following the Westminster terrorist attack in March, Home Secretary Amber Rudd described WhatsApp's use of encryption as "completely unacceptable", arguing that it provides "a secret place for terrorists to communicate".

While many mocked her views, some expressed genuine concern that the government was using the recent atrocity as a means to push though a ban on encrypted communications and limit the privacy of UK citizens.

The EU committee argued that universal encryption is an essential step towards the completion of the Digital Single Market, "as it would increase trust and security of digital services" and would "recognise a longstanding and fundamental right of individuals, enshrined in the ECHR and the EU charter".

Its legislation would need to be approved by the European Parliament and then reviewed by the EU Council.

Picture: Bigstock

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now


Policy & legislation

Breaking up big tech 'will cause more problems', says EU

8 Nov 2019

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019
Policy & legislation

EU shelves plans to impose digital tax

13 Mar 2019

Most Popular

identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
wifi & hotspots

Industrial Wi-Fi 6 trial reveals blistering speeds

5 Dec 2019

Five signs that it’s time to retire IT kit

29 Nov 2019