Mobile Meetings Series ‘Reinforcing ePrivacy rules to support innovation and consumer trust’

Each time a person goes online to get travel directions, book a hotel or communicate via instant messaging, they entrust personal information to internet service providers, telecoms operators or visited websites. Trust and confidentiality of users’ online behaviour and devices is of paramount importance. Most processing of personal data is already protected by the General Data Protection Regulation (GDPR) which will apply from May 2018. But, in January 2017, the Commission presented a proposal to maintain and modernise the current regulatory framework for electronic communications (ePrivacy), going beyond the GDPR with the intention of reinforcing trust and security in the Digital Single Market and protecting the confidentiality of people’s private communications. At the latest GSMA Europe Mobile Meetings Series entitled “Reinforcing ePrivacy rules to support innovation and consumer trust”, participants discussed how policies should be shaped to allow reasonable use of data and how to ensure clarity of privacy in a policy framework for the mobile industry that considers both economic interests and consumers’ right to data protection.

Participants noted the fact that the Commission proposal on ePrivacy will apply to all providers of electronic communications services and emphasises the principle of confidentiality of communications. Moreover, the delegates recognised the importance of the Commission adopting a technology-neutral approach.

All the areas related to ePrivacy − including access to data and reuse of data, machine-to- machine metadata flows, privacy by design and notifications − are multidimensional topics on which the European Parliament and Council are requested to find the right balance among a wide range of positions. The participants acknowledged the complexity of these issues, especially when assessing which data and which circumstances give rise to privacy concerns. There was a consensus that private initiatives to protect data and ensure effective access were already being adopted by stakeholders to complement the existing legislation.

There was general agreement that policymakers need to adopt both a customer-centred and an innovation-friendly approach to enable European companies to stay competitive and realise the potential of a data-driven digital economy. Many challenges need to be addressed, especially concerning the processing of metadata, consent rules, cookies, definitions, exemptions and consistency with the existing legal framework. In this respect, participants called for full alignment with the GPDR and other existing or upcoming legislation, such as the European Electronic Communications Code (EECC). On the processing of metadata, participants debated on the allowable grounds, with some of them recalling that the GDPR allows processing when compatible with the initial purpose for which the data was collected.

Participants questioned the urgency of bringing into force ePrivacy Regulation together with the GDPR on 25 May 2018. Given the challenges around ePrivacy, participants suggested allowing sufficient time to effectively evaluate the impact of the proposal on individuals and society, as well as to ensure a high level of protection for users’ personal data. When it comes to fundamental rights and consumers’ protection, quality is more important than speed. Delegates agreed that further discussions are needed to ensure that the new ePrivacy Regulation achieves two primary aims: to protect the confidentiality of private communications effectively and to foster innovation and economic growth in the EU.

For more information about the GSMA’s position on ePrivacy proposal, click here.