Mass surveillance has become a huge topic of discussion following Snowden’s revelations. One of the biggest defenders of privacy has been the European Union, and a leaked legislative draft obtained by Politico reveals further plans.
Dubbed the Privacy and Electronic Communications Regulation, it calls for all electronic communications to become confidential.
Suggested Replacement for ePrivacy Directive
This new privacy regulation would replace the ePrivacy directive, under which only phone calls and SMS are protected by law. It addresses an important fact: online messaging is now more popular than texting.
The legislation would also mean that landline or SMS calls made through Skype would have to be protected. Users will be given “Privacy by design,” which is explained as such:
“The settings of all the components of the terminal equipment placed on the market shall be configured to, by default, prevent third parties from storing information, processing information already stored in the terminal equipment and preventing the use by third parties of the equipment’s processing capabilities.”
This could result in some major changes to the way services such as Skype and Facebook Messenger operate. There are a few caveats, however – allowing services to retain metadata if it’s necessary to “maintain or restore the security of electronic communications networks and services,”or for payment processing purposes.
EU data suggests that a lot of businesses wouldn’t be happy with this. A survey found that 76% of citizens and 93.1% of public authorities think legislation should cover internet communications, while only 28.9% of those in the industry are in favor.
It’s easy to understand why. Information that doesn’t fall under this umbrella would have to be erased or made anonymous as soon as the message is sent. This requires more work on the businesses’ part and could limit data sold to advertisers for profit.
In addition, failure to comply with these regulations will result in administrative fines of up to 20 million euros, or 4% annual worldwide turnover, depending on what’s higher. In Microsoft’s case, that could be a lot of money.
Distinction for Different Cookie Types
As well as addressing recent concerns, the legislation acknowledges the over enforcement of some older ones. In 2009, the ePrivacy Directive made it a requirement for every website targeting EU readers to ask for permission to store cookies.
Under the Privacy and Electronic Communications Regulation, there will be a better distinction between these two types. Providers will no longer have to store cookies essential to the sites running. They will, however, have to refrain from intrusive ones and listen to existing browser settings.
Regulation draft responds to ongoing criticism
This privacy regulation may not come as a shock to those following related news. Microsoft has recently come under heavy fire from a number of sources for its lax privacy regulations.
In August, an EU draft law surfaced, suggesting a new set of confidentiality provisions. One of the priorities was end-to-end encryption on messaging, as well as limits on how companies can profit from user data.
Amnesty International took a similar stance in August, ranking Skype one of the least secure messaging services due to lack of encryption. Several other organizations have criticized Microsoft for data and cookie collection inside of Windows 10, including the Electronic Frontier Foundation and French authorities.
It’s clear that many EU citizens care about their privacy online, and Microsoft is perceived as part of the problem. This legislation is only in draft form, and could yet change, but it seems to accurately address concerns.
However, Industry group TechUK has its own thoughts on such laws. In regards to end-to-end encryption, director of policy Charlotte Holloway warned:
“Commission officials must be vigilant to the unintended consequences of proposals which could undermine Europe’s future economic potential.”
The full proposal will be published in January of 2017, and is expected to undergo several changes.