Reviewing Europe’s ePrivacy Rules: Surgical Precision Needed
The European Union’s ePrivacy rules are on the operating table. The anesthetist is at work and the surgeon is sharpening the tools. The medical team is ready to perform surgery on the patient.
While we don’t yet know how this surgery will go — this particular legislative operation will last a couple of years! — we should know what the objective is. The European Commission describes the objective as being to “reinforce trust and security in the Digital Single Market”. For me, the objective should be to protect confidentiality and to enable innovation, not some damp compromise between the two of those.
The purpose of changing the law is to change something. In that process some things may be improved—the European Commission wants to get rid of the annoying cookie banners that it invented a few years ago—but some things might also get worse.
This blog post looks at some of the things that might not be possible if the ePrivacy legislation were to go through in its current form.
Rules for Cars, Dating Apps and Gamers
Firstly, it is important to be clear that these new rules are not just about the communications sector (as they were in the past). They don’t just cover telecommunications networks. They cover all companies that have a chat or calling function as part of their service.
This includes gaming consoles where you can chat with friends you are playing against, dating applications like Tinder where you can chat to people you fancy and sites for booking holiday accommodation like Airbnb. It also covers the car industry, as in a world of connected cars the car is a device.
These rules cover a broad range of companies and activities and are therefore general. The same medical team behind this surgery recently did a long and complex operation to come up with the General Data Protection Regulation (GDPR) and this proposal duplicates many parts of that. We seem to be operating on the patient for a second time without a very good reason to do so—that is clearly risky.
But what are the consequences of the ePrivacy proposal?
Technology to Help Europeans with Disabilities
Technology can improve the quality of life and employment prospects of the 80 million Europeans living with disabilities. For those who are deaf or hard of hearing technology can, for example, turn speech into text. A deaf person can see on a screen what is being said by another person. Under the Commission’s proposal doing this would require the person speaking with the deaf individual to give their consent for their ‘communication’ (their words) to be analysed and turned into text.
Obtaining the speaker’s consent for speech-to-text would require the deaf person to effectively tell the speaker that they are deaf, something that they might not want to do. Also, if one is talking into a phone, e.g. on a conference call, and the deaf person is using a system like Skype, Skype would perform the translation but would have no way to get the permission of the person speaking.
Result? Such translation would be banned unless a more flexible way than explicit consent is agreed on.
Connected Cars
As the car industry transforms, the ‘connected’ car seems to offer much to the consumer and the car industry. The car will become a ‘device’ connected to the Internet.
This means it will be covered by the ePrivacy rules, just like a mobile phone.
Already today Bluetooth is one technology used to monitor traffic flows. As these rules apply to the public authorities they seem to require each driver to give their explicit permission to the government or municipal authorities to be captured in this traffic data. No mechanism to do this exists.
Free Media
Advertising is a source of revenue free of government interference. Beyond media, a lot—in fact the overwhelming majority—of content is ad-funded including apps and games.
This proposal puts that at risk. Requiring that software (found in browsers, apps, car software, speech-controlled software, fridges, TVs) placed on the market should prompt people to block third-party cookies would only highlight privacy risks without explaining any benefits of data gathering, meaning we could see a big jump in people making that choice uninformed. It is entirely legitimate for people to want to use ad-blockers, but that the law would prompt them to do so would be a new departure from accepted practice. This could reduce ad revenues and the content funded by it.
This could also cause more cookie chaos, something that the European Commission had resolved to get rid of. More people activating ad-blocking options would see a rise in companies asking people to turn them off to receive the service – and so we go round in circles with new cookies chaos.
This would be a lose-lose situation, with users being annoyed by banners constantly asking them to consent and companies harassing their users.
Your Own Personal Assistant
Who doesn’t like having something done for them? Increasingly technology can take the strain out of going through lots of emails. Automated assistants in email programs can correct spelling, translate things and offer to put things in your diary.
Under the new rules, these tasks would not be allowed. When you receive an email from someone else, the words in their email are protected. Unless your correspondent gives their explicit permission, your email provider cannot translate the words or automatically put something in your diary. With more and more mundane tasks able to be automated, this is a shame.
It Doesn’t Have to Be This Way
Securing the confidentiality of communications does not depend on the rigid system proposed by the European Commission. Processing of communications data is as ubiquitous as the processing of personal data and all legal grounds for processing data that are outlined in the GDPR should be available—conditions that are already described as strict.
Let’s protect people from interference with their communications, not from communicating itself. Let’s avoid a damp compromise by preserving the confidentiality of communications and allowing scope for innovation. Let’s ensure that the innovations people rely on today are not banned and ensure future innovation goes hand in hand with the confidentiality of communications.
