Microsoft and Facebook to Face Stricter Privacy Regulations, Suggests Leaked Draft of EU Legislation

A leaked privacy regulation would force companies to delete messages after they are sent, and would prohibit the collection of some location data and metadata by default.

 

 


Mass surveillance has become a huge topic of discussion following Snowden’s revelations. One of the biggest defenders of privacy has been the European Union, and a leaked legislative draft obtained by Politico reveals further plans.

Dubbed the Privacy and Electronic Communications Regulation, it calls for all electronic communications to become confidential.

Suggested Replacement for ePrivacy Directive

This new privacy regulation would replace the ePrivacy directive, under which only phone calls and SMS are protected by law. It addresses an important fact: online messaging is now more popular than texting.

Leaked legislative draft of the European Parliament and the European Council – Top Page

The legislation would also mean that landline calls or SMS messages made through Skype would have to be protected. Users will be given “Privacy by design,” which is explained as follows:

“The settings of all the components of the terminal equipment placed on the market shall be configured to, by default, prevent third parties from storing information, processing information already stored in the terminal equipment and preventing the use by third parties of the equipment’s processing capabilities.”

This could result in some major changes to the way services such as Skype and Facebook Messenger operate. There are a few caveats, however: services would be allowed to retain metadata if it’s necessary to “maintain or restore the security of electronic communications networks and services,” or for payment processing purposes.

EU data suggests that a lot of businesses wouldn’t be happy with this. A survey found that 76% of citizens and 93.1% of public authorities think legislation should cover internet communications, while only 28.9% of those in the industry are in favor.

It’s easy to understand why. Information that doesn’t fall under this umbrella would have to be erased or made anonymous as soon as the message is sent. This requires more work on the businesses’ part and could limit data sold to advertisers for profit.

In addition, failure to comply with these regulations will result in administrative fines of up to 20 million euros, or 4% of annual worldwide turnover, whichever is higher. In Microsoft’s case, that could be a lot of money.

Distinction for Different Cookie Types

As well as addressing recent concerns, the legislation acknowledges the over-enforcement of some older ones. In 2009, the ePrivacy Directive made it a requirement for every website targeting EU readers to ask for permission to store cookies.

For those unfamiliar, cookies are small pieces of data stored on a user’s computer. They contain information such as language preferences and whether a user is logged in. However, they can also be used in another way. Third parties can use cookies as trackers, to create records of users’ browsing history and other data.

Under the Privacy and Electronic Communications Regulation, there will be a better distinction between these two types. Providers will no longer have to ask for permission to store cookies essential to the site’s running. They will, however, have to refrain from intrusive ones and respect existing browser settings.

Regulation draft responds to ongoing criticism

This privacy regulation may not come as a shock to those following related news. Microsoft has recently come under heavy fire from a number of sources for its lax privacy regulations.

In August, an EU draft law surfaced, suggesting a new set of confidentiality provisions. One of the priorities was end-to-end encryption on messaging, as well as limits on how companies can profit from user data.

Amnesty International took a similar stance in August, ranking Skype as one of the least secure messaging services due to its lack of encryption. Several other organizations, including the Electronic Frontier Foundation and French authorities, have criticized Microsoft for data and cookie collection inside Windows 10.

It’s clear that many EU citizens care about their privacy online, and Microsoft is perceived as part of the problem. This legislation is only in draft form, and could yet change, but it seems to accurately address concerns.

However, industry group TechUK has its own thoughts on such laws. With regard to end-to-end encryption, director of policy Charlotte Holloway warned:

“Commission officials must be vigilant to the unintended consequences of proposals which could undermine Europe’s future economic potential.”

The full proposal will be published in January of 2017, and is expected to undergo several changes.
