Rights groups seek tougher EU rules for WhatsApp, Skype

More than 30 digital and human rights organizations have signed a joint letter to the European Parliament to express concern about what they see as a watering down of planned reforms to digital privacy protection that would subject WhatsApp, Facebook Messenger and Skype to the same privacy rules as telcos.

According to Civil Liberties Union for Europe (Liberties), the "eagerly awaited EU reform" of the ePrivacy regulation that would "put an end to unconsented tracking online" is under threat "now that the position of member states has come to light."

Improvements sought by the EU Parliament are at risk of being watered down, potentially rendering the reform toothless, the group said.

Not-so-private browsing: The groups are worried that the directive will no longer have the intended force.  (Source: Dimitri Karastelev on Unsplash)
Not-so-private browsing: The groups are worried that the directive will no longer have the intended force.
(Source: Dimitri Karastelev on Unsplash)

The European Commission (EC) adopted the ePrivacy Regulation proposal in 2017. The European Parliament gave a mandate to begin consultations, and in February EU countries agreed to a joint position in forthcoming negotiations that are expected to start in May.

More privacy please

The EU's ePrivacy directive is now more than a decade old. The update is required to reflect technological changes since inception, like the emergence of the Internet of Things, the widespread use of VoIP, web-based email and messaging services and new, super-sneaky techniques for tracking users' online behavior.

A key aim of the reform is to adapt ePrivacy legislation to align with the General Data Protection Regulation (GDPR).

Liberties explained that GDPR "was a major transformation of the online world, but it is incomplete and insufficiently enforced. The ePrivacy Regulation builds on the GDPR by trying to stop commercial surveillance, due to the proliferation of countless cookies tracking their every move."

According to Reuters, the ePrivacy regulation has run into various hurdles, with EU countries disagreeing on rules for cookies, consent requirements and provisions on detecting and deleting child pornography.

A key point of the reform is that privacy rules will also apply to new players such as WhatsApp, Facebook Messenger and Skype, "ensuring that the services guarantee the same level of confidentiality of communications as traditional telecoms operators," according to the EC.

Liberties noted that the regulation had aimed to change the cookie wall system, and allow people to automate their privacy choices and communicate them to websites and apps through legally binding browser signals.

"Worryingly, member state governments substantially weakened these improvements" by removing or weakening some clauses that would protect Internet users from tracking and monitoring, whether by cookies or other technological means, or banning tracking or cookie walls from the negotiations, Liberties said.

It noted that this flies in the face of a 2016 Eurobarometer survey that suggested more than seven in ten Internet users were concerned about the data collected.

Cutting big tech down to size

Eva Simon, senior advocacy officer at Liberties, said this is a "terrific opportunity to install privacy by default in the online world. Big tech makes big bucks collecting as much data as it can on people when they are online."

"Yet people are increasingly concerned about how much personal data gets hoovered up when they are online and what happens with it."

Simon added: "We have the opportunity to create an internet that better serves users by stopping built in data harvesting and tracing methods. It's important that the European Parliament realises it can stand up for people, and not defend the interests of the big tech platforms."

Want to know more about security? Check out our dedicated security channel here on Light Reading.

Citing the Cisco 2020 Consumer Privacy Survey, the joint letter also pointed out that concerns about data protection have been further exacerbated by the COVID-19 pandemic.

The survey indicated that 87% of respondents were worried about their data not being protected by the tools they need to use for remote working because of the pandemic.

It was also noted that, since the European Parliament agreed to its position in October 2017, "public trust in data collection has been damaged by the Cambridge Analytica scandal. The ePrivacy regulation must send a clear message that the future belongs to business models which unify fundamental rights and innovation, rather than those who operate a personal data dragnet," the letter said.

The campaign is being coordinated by Liberties, Open Rights Group and Panoptykon, and was endorsed as signatories by a number of groups across Europe including Amnesty International.

Related posts:

— Anne Morris, contributing editor, special to Light Reading

Sign In