At long-last the European Commission (hereafter known as the Gaggle of Red-tapers) has outlined its plan to address the regulatory imbalance between telcos and OTTs in Europe.
The draft Regulation on Privacy and Electronic Communications essentially aims to modernize the rules which dictate how telcos and OTTs are able to monetize customer data with third parties and advertisers. It should generally be viewed as good news for the telcos, bad news for the OTTs and a mixed bag for the consumer.
It has been an area of debate since the explosion of internet services, as while many OTTs offer the same services as telcos to consumers, effectively stealing revenues from the telcos, the rules books have been quite different. In what can only be described as a rare moment of clarity from the Gaggle of Red-tapers, the telcos now have more freedom to monetize the treasures troves of data which they are sitting on, and the OTTs will be help more accountable to privacy concerns of users.
The Gaggle of Red-tapers hasn’t been too heavy handed or lenient, in fact, it might be considered a reasonable response. In short, the draft aims to address the following areas:
- OTTs such as Facebook, WhatsApp and Skype will be held accountable to the same level of confidentiality of communications as traditional telecoms operators.
- Data privacy and protection rules will be standardized through all countries in the European Union.
- Location data must be anonymised or deleted, unless a user has given direct consent otherwise, or it is needed for billing purposes.
- Telcos can now seek consent from users to use metadata such as location to offer new services to advertisers, transport companies and local authorities (for example).
- Rules of cookies will be simplified. For example, non-privacy intrusive cookies improving internet experience (i.e. remembering what’s in a shopping cart) can be used without consent being provided.
The telcos are likely to be happy with the outcome of these new rules, however the OTTs maybe less so as there is the potential to hit advertising revenues. As per the new rules, email service providers such as Google or Microsoft (for example) will no longer be able to scan incoming messages or monitor conversations to offer personalized advertising to that specific user.
On the other hand, telcos will now be able to seek consent to allow them to sell personalized advertising to brands built on the location and preferences of the customer. It’s a potential big win for the telcos who have seen revenues eroded by the OTTs, but have had their hands tied with any reaction built on personalized advertising.
“Our proposals will deliver the trust in the Digital Single Market that people expect,” said Andrus Ansip, VP for the Digital Single Market. “I want to ensure confidentiality of electronic communications and privacy. Our draft ePrivacy Regulation strikes the right balance: it provides a high level of protection for consumers, while allowing businesses to innovate.”
said: “The European data protection legislation adopted last year sets high standards for the benefit of both EU citizens and companies,” said Věra Jourová, Commissioner for Justice, Consumers and Gender Equality. “Today we are also setting out our strategy to facilitate international data exchanges in the global digital economy and promote high data protection standards worldwide.”
For some, more freedom to allow the telcos to offer new services is a move which will encourage innovation, but there will always be critics for every decision made by the Gaggle of Red-tapers. Jan Philipp Albrecht, Vice-Chair of the Committee on Civil Liberties, Justice and Home Affairs, who is often a vocal data privacy advocate, believes the regulation doesn’t offer suitable levels of protection for the consumer.
“Including modern communication methods such as Skype and WhatsApp under data protection rules for electronic communication is a long overdue reform that reflects the way many people communicate today,” said Albrecht.
“However, the rules around tracking user activity are completely back to front. Service providers should require the explicit consent of users if they want to track their activity; under these proposals, they would be able to assume consent unless the user says otherwise.
“The default service should always be the most data protection-friendly, as stipulated by the existing data protection regulation. We know that intelligence agencies are applying blanket data collection and service providers should respond by doing everything technically possible to secure the fundamental right of privacy. We expect the European Parliament and Council to bring forward the changes needed to make sure this promising package truly delivers for users.”
The GSMA, meanwhile, is worried about over-regulation, especially when it comes to operators using data to create new products. “Just like the Commission, we consider it is fundamental to create a privacy framework that enhances consumer trust in the context of electronic communications,” said Afke Schaart, VP for Europe at the GSMA. “However, we must ensure that the detailed requirements, such as the limited lawful grounds for processing, do not inadvertently frustrate use of metadata that is both innovative and sensitive to privacy concerns”
This is certainly a step in the right direction and just as we are about the applaud the Gaggle of Red-tapers, it hits the bureaucratic-pr*ck button. The Gaggle of Red-tapers will not work alongside the European Parliament and Council to “ensure their smooth adoption by 25 May 2018”, at the typical break-neck speed we have all become accustomed to with Europe.