Confused about digital privacy? New EU rules plan to simplify it

Consumer body urges alternative for consumers to ‘24/7 consumer surveillance’

New EU regulations to help protect consumers’ privacy should put strict limits on tracking and oblige providers to put strong privacy settings in place by default, European consumer group BEUC said.

The organisation said consumers needed an alternative to “24/7 commercial surveillance” when using digital services, and said devices and apps should not track behaviour by default, forcing users to take action to opt out.

It made the call as the European Commission published proposed plans that will overhaul laws on the confidentiality and security of phone, email and messaging services. The proposed measures will set out when users’ consent is required for tracking online activities and for using customers’ communication and location data for marketing.

The new directive will align existing rules, dating back to 2001, with more up to date regulations introduced with the General Data Protection Regulation of 2016.


BEUC is calling on EU legislators to adopt the new rules and apply them to all businesses who offer digital communication services to consumers.

The organisation cited a recent Eurobarometer study on digital privacy that found the overwhelming majority of participants thought it was important that personal information was only accessed with permission, and 82 per cent believed it was important cookies and other tracking methods were only used with consent.

The new rules will also compel newer messaging services to adopt the same level of confidentiality of communications as traditional telecoms operators, and ban spam communications over emails, SMS and automated calling machines.

Replacing SMS

"Online communication services such as Skype and WhatsApp are replacing SMS and regular phone calls at lightning speed. Consumers' privacy should not be less protected when using these services. They should be able to rest assured that their phone calls, emails or messages are for their eyes and ears only, irrespective of the service they use," said Monique Goyens, director-general of the European Consumer Organisation.

“This reform is the opportunity to confront the widespread problem of online tracking.”

The EU has introduced a number of rules in recent years to try to protect consumer privacy. Under regulations that came into force in 2011, websites that use cookies to track user activity must inform consumers about the cookies they use and what they use the information for, gaining consent from consumers to proceed.

However, this can mean consumers being hit with a slew of messages from sites about cookies. If the proposals are adopted, this process will be streamlined, the EU said, with browser settings providing an easier way to control tracking cookies.

Companies have also taken the initiative in some respects. Some messaging services such as WhatsApp have enabled end-to-end encryption by default, protecting users’ messages from prying eyes – even the company’s – but it is not yet an industry-wide default. Rival services such as Google’s Allo and even Facebook’s own Messenger service require users to enable end-to-end encryption rather than offer it as the default setting.

Under scrutiny

WhatsApp has also come under scrutiny for plans to share some data on its users with parent company Facebook to feed into targeted ads on the social network.

A number of data protection authorities are investigating the plan, and it may be facing an antitrust investigation from the EU, with regulators claiming the company may have misled them when it sought approval to buy messaging service WhatsApp in 2014.

The social network faces fines of up to 1 per cent of annual sales for providing “incorrect or misleading information” during the EU’s 2014 review of the WhatsApp takeover.

Facebook has until January 31st to respond to the commission.

Ciara O'Brien

Ciara O'Brien

Ciara O'Brien is an Irish Times business and technology journalist