1.Introduction
On 10 January 2017 the European Commission submitted to the European Parliament and the Council a proposal for a regulation on privacy and electronic communications (hereinafter the “Regulation”) whose main aim is to improve the protection of privacy in electronic communications and open up new opportunities for business, in particular in the field of processing communications data.
2.Proposed Provisions
The Regulation is to achieve this aim primarily through the following means:
- Expansion of Regulation’s Effect
The current directive on privacy and electronic communications only applies to traditional telecommunications operators, i.e. providers of telecommunications services. The Regulation therefore applies the privacy protection rules also to providers of electronic communications services such as Facebook, WhatsApp, Skype, Gmail, iMessage and others.
This means that the Regulation significantly expands the group of services whose providers will be obligated to comply with the privacy protection rules set by the Regulation.
- Metadata Protection
Protection in accordance with the Regulation should not apply only to the contents of an electronic communication, but also to metadata resulting from such communication. Data such as the time, place and duration of the relevant communication will therefore be protected. Without the consent of the telecommunication services user, such metadata must be anonymised or deleted.
An exception from this rule covers data that is necessary for billing services provided or uncovering or halting fraudulent communications.
- Rules for Using Cookies
With regard to the fact that cookies are used in a certain form by a large part of all internet servers, the current rules on the use of cookies have led to internet users being inundated with requests for the use of cookies on each individual server.
The rules set out in the Regulation enable users to check their settings in more detail and, in the case of a risk to privacy, easily accept or reject monitoring by cookies. The proposal states that consent is not necessary for cookies that do not interfere with privacy and only improve internet services (e.g. remembering the bin history). Consent will not be required even for cookies on pages visited that use cookies only to count the total number of page visitors.
Internet users will have a greater overview of at which internet pages cookies can represent a risk for their privacy and they will not be inundated with requests from all pages using cookies.
- Anti-spam Protection
The Regulation contains anti-spam protection in all forms of electronic communication, in particular by text message, telephone call, e-mail and so on.
Marketing calls will have to display the caller’s number or use a special dialling code, according to which the marketing call will be identifiable in advance. Communication service providers will then have to enable the blocking of such calls, e-mails, text messages and so on.
Direct Applicability
Current legislation on privacy protection in electronic communications is only set out at the European level in a directive. A directive is not directly applicable to its addressees, but has to be transposed into national law. Therefore, different privacy protection rules can apply in individual EU member states.
The new legal provisions, however, are to be adopted in the form of a regulation, which will be directly applicable throughout the EU without the necessity of an independent legal standard at the level of individual member states. The legal provisions will therefore be uniform throughout the European Union.
- Business Opportunities
The Commission also assumes that an ancillary consequence of the Regulation will be the arising of new business opportunities. If users grant their consent to the processing of communications data (whether content or metadata), traditional telecommunications operators will have more opportunities to use them and provide supplementary services.
For this purpose telecommunications operators could have detailed analyses of such data, and the applications and services based on them, drafted. One example is the generation of heat maps designating the presence of individuals, helping public bodies and transport companies prepare new infrastructure projects.
3. Conclusion
The adoption of the Regulation can, with regard to the above, be perceived as a positive step leading to an increase in the protection of privacy of electronic communication services, in particular because the Regulation expands the protection rules to all electronic communications services, including e-mails and all messengers, not only concerning the content of such communications, but also their metadata.
The Commission’s aim is for the European Parliament and the Council to, without undue delay, ensure the smooth adoption of the proposed regulation, so that it comes into effect on 25 May 2018.
For more information, please contact our office’s partner, Mgr. Jiří Kučera, e-mail: jkucera@kuceralegal.cz ; tel.: +420604242241.