Jean-Claude Juncker, President of the European Commission, has said the Digital Single Market (DSM) could add up to EUR 250 billion to the European economy and generate hundreds of thousands of new jobs. Although the ePrivacy Directive is just one small part of the DSM, it is an important part: It reassures individuals and organisations that their communications will be kept confidential thereby laying down a foundation of trust which has to be present for the DSM to succeed.
At the same time, the Directive regulates what providers can and cannot do with traffic and location data, which could become increasingly important in the data-driven economy and for so-called Big Data initiatives. Without being able to use this secondary data (usually in aggregated and/or anonymised form) many projects that could bring great benefits will not be possible. Europe would be forsaking real economic growth, real jobs and real benefits to consumers and communities. The review of the Directive needs to get this balance right.
Most of the provisions in the ePrivacy Directive, such as fundamental human rights, consumer protection and security, apply only to telcos. There is a strong case for extending the rules to apply to all providers of electronic communications so that consumers can enjoy a consistent experience regardless of where they are in the EU, which technology or platform they use or which sector their chosen provider happens to be in. Telcos are naturally supportive of this aim. However, now that the EU has the new General Data Protection Regulation (GDPR), which applies to any organisation that processes personal data, many of the ePrivacy Directive rules would become redundant, or, at least, duplicative.
For example, the ePrivacy Directive and the GDPR will both cover security and mandatory reporting of security breaches. Similarly, location data and traffic data could be considered to be forms of personal data and should be dealt with under the GDPR. With some clear regulatory guidance, the governance of cookies could also be managed under the GDPR’s rules on profiling.
As many disparate stakeholders are aiming to influence the process, the outcome is not yet certain. However, it will be important for all the citizens, not just the mobile industry. The ePrivacy Directive review was launched on 12 April and will be open for 12 weeks. The GSMA media statement is available here.