EU citizens exchanging information electronically such as via the internet should shortly be guaranteed stronger protection of any data so exchanged. A regulation recently proposed by the European Commission has the precise objective of enhancing the privacy of data shared through electronic means.

A 2002 EU directive currently ensures that all information exchanged electronically – be it via the internet, mobile and landline telephony or via their accompanying networks – is protected. It seeks to safeguard the users’ right to privacy and confidentiality by ensuring security in the processing of personal data and by obliging service providers to notify personal data breaches. The current directive also bans unsolicited communications where the user has not given his/her consent. For example, the current rules provide that consent is required before unsolicited communications (spam) can be sent to a user, be it via short message services (SMSs) or other electronic messaging systems or before information (cookies) is stored on a user’s computer or other devices.

The newly proposed rules now seek to take things a step further and embrace technological developments.

The scope of the newly-proposed regulation has been extended to cover new providers of electronic communication services, such as WhatsApp, Facebook Messenger, Skype, Gmail, iMessage, or Viber, besides traditional telecoms operators.

The new rules strictly provide that all electronic communications must be confidential. Listening to, tapping, intercepting, scanning and storing of, for example, text messages, e-mails or voice calls will not be allowed without the consent of the user.

In terms of the new rules, privacy is guaranteed for content of communication as well as metadata such as who was called, the timing, location and duration of the call, as well as websites visited. Metadata linked to electronic communications will need to be deleted or made anonymous unless the users’ consent for the service provider’s use and retention of such data has been obtained.

Such data can also be retained and processed for billing purposes. The proposed regulation also specifies when the processing of data is exceptionally permitted and when it requires the consent of the user.

Users will be required to give their consent for websites to be able to use cookies or other technologies to access information stored on their computers or to track their online behaviour.

However, the current so-called “cookie provision”, which has resulted in an overload of consent requests for internet users, will be streamlined. New rules will endow users with more control when it comes to their settings, providing an easy way to accept or refuse the tracking of cookies and other identifiers in case of privacy risks.

The proposal clarifies that no consent is needed for non-privacy intrusive cookies improving internet experience – such as to remember shopping cart history, for filling in online forms over several pages or for the login information for the same session.

Cookies set by a visited website counting the number of visitors to that website will also no longer require consent. Regardless of the technology used, be it automated calling machines, SMSs, or e-mail, users will be required to give their consent before unsolicited commercial communications are addressed to them.

This will, in principle, also apply to marketing phone calls. However, the proposed regulation provides that a member state could instead opt for a solution which gives consumers the right to object to the reception of voice-to-voice marketing calls, such as by registering on a do-not-call list.

Marketing callers will also need to display their phone number or use a special prefix number that indicates a marketing call.

The European Commission maintains that not only citizens but even businesses will stand to gain from the new rules. Under the current rules, telecom companies can only process traffic and location data for value-added services, such as proposing communication packages better suited to customers’ consumption or Wi-Fi hotspots in areas of need.

The proposed rules will allow companies to process communication content and metadata to provide additional services, if users have given their consent and provided that the company complies with privacy safeguards.

This will provide businesses with new opportunities. For example, operators could develop heat maps, a graphical representation of data using colours to indicate the presence of individuals.

Such new services could help public authorities and public transport operators to define where to develop new infrastructures such as roads, metro exits and the like.

The ball is now in the court of the European Parliament and the Council of Ministers, both of which are being urged by the European Commission to work swiftly and to ensure the adoption of the new rules by May 25, 2018.

The privacy of data shared electronically is a concern for many.

With the ongoing development of technology and electronic social platforms, it is of the utmost importance that there is a legal framework in place which takes into account such dynamic development and ensures the privacy of data shared by citizens on a daily basis via electronic means.

by Mariosa Vella Cardona