Confidentiality and security of electronic communications in Europe need better protection
EAID Opinion in the course of a consultation procedure of the EU Commission on the evaluation ePrivacy Directive
The European Academy for Freedom of Information and Privacy (EAID) takes the view that the privacy of electronic communications needs better protection by European law . This is suggested by the former Berlin Data Protection Commissioner Alexander Dix and former Federal Data Protection Commissioner Peter Schaar, now board members of the European Academy for Freedom of Information and Data Protection. The opinion of the EAID was delivered in the course of a consultation procedure on the evaluation of the Directive on privacy and electronic communications (ePrivacy Directive – 2002/58/EC) conducted by the European Commission. The Commission plans to table a legislative proposal to reform the ePrivacy directive in mid-2017.
The privacy advocates emphasize that electronic communications are increasingly exposed to risks of monitoring and comprehensive registration of the communications behavior of users. Therefore the European Union must strengthen the protection of confidentiality and security of technologically mediated communications.The specific European legal requirements on data protection in electronic communications services will not become obsolete when the General Data Protection Regulation (GDPR) comes into force. However, the current provisions require a fundamental overhaul. The rights to secrecy and privacy of electronic communications can only be guaranteed at a high level on the basis of specific data protection provisions for this sector.
It must be ensured that the future regime for data protection in electronic communications is not limited to classical telecommunications services. It must also apply to the providers of so-called “over-the-top” (OTT) services as Internet telephony and instant messaging, and other services of the information society. The telemarketing should be allowed only on the basis of the consent of the person being called. The same provision should apply to the sending of commercial messages via social networks, which must not be treated differently from promotional emails (opt-in principle). Finally, everyone must have the right to protect his or her communications (email, home networks, mobile phones, storage media) by using passwords and encryption. The communications service providers should be obliged to provide to their customers appropriate safety measures .
Given the increasing importance of supposedly “free” services (actually payed by user’s personal data), the EAID emphasizes the risk that privacy may become a luxury item for the wealthy who can afford to pay with money instead of data. It is therefore existentially important, that basic services within the meaning of universal service should be offered for free and without excessive data collection. The processing of personal data must be strictly limited to what is necessary for the provision of such services.Third-party cookies should always disabled by default. Even other tracking and targeting techniques should require the explicit and unambiguous consent of the user.
To ensure uniform enforcement of the new legal instrument on data protection in electronic communications the oversight competence should be assigned in all Member States to the data protection authorities, ensuring that the European Data Protection Board will guarantee a uniform and consistent application throughout Europe. Thus the current jurisdictional problems and legal uncertainties which are comprehensible neither for users nor for companies, could be resolved.
V.i.S.d.P.: Dr. Alexander Dix, Europäische Akademie, für Informationsfreiheit und Datenschutz, Bismarckallee 46/48, 14193 Berlin