Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Skype, WhatsApp face increased privacy regulation in Europe

Peter Sayer | Dec. 14, 2016
The European Commission wants to update its aging privacy rules for electronic communications services, bringing messaging apps under its umbrella for the first time

Skype, WhatsApp and services like them could soon fall under the same European Union regulations as telephone calls and SMS text messages, a leaked legislative draft reveals.

Although Skype and WhatsApp can both be used to make voice calls and send text messages, they don't fall under existing EU communications privacy legislation because they are data services that run over the top of an internet connection, rather than native functions of the network like phone calls and SMS.

But legislators want to bring such "over-the-top" services within the scope of rules protecting users' privacy with their proposed Privacy and Electronic Communications Regulation, a draft of which was obtained by Politico on Monday. The regulation is intended to replace the 2002 ePrivacy Directive.

The new regulation calls for all electronic communications to be confidential. Processing or interfering with such communications without the end users' consent, including by listening, tapping, storing, monitoring or other kinds of interception and surveillance, shall be prohibited, the draft regulation says.

The ePrivacy Directive was last updated in 2009, at the dawn of the smartphone app era, and much has changed for users of telecommunications services since.

For one thing, while mobile phone users still send billions of SMS text messages a day, usage of over-the-top messaging services overtook SMS years ago. By January 2015, WhatsApp said its messaging traffic alone exceeded that of SMS by 50 percent.

The draft regulation expands the definition of electronic communications to encompass new services delivered by apps rather than dedicated hardware.

Under the proposed rules, privacy is an option -- but it's one that must always be turned on by default, allowing users to opt out of it, rather than requiring them to opt in.

Article 10 of the leaked draft, titled "Privacy by design," requires: "The settings of all the components of the terminal equipment placed on the market shall be configured to, by default, prevent third parties from storing information, processing information already stored in the terminal equipment and preventing the use by third parties of the equipment's processing capabilities."

Furthermore, it says, "Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the Internet, shall be configured to by default prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment."

The draft regulation ought to put an end to spam, with its stipulation (in Article 16, Unsolicited communications) that, "The use of electronic communications services by natural or legal persons for the purposes of transmitting direct marketing communications is allowed only in respect of end-users who have given their prior consent."

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.