Facebook warns EU on extending telecoms rules to online firms

Social media group claims EU eprivacy directive has imposed extra costs on business

Extending the legal obligations applying to telecoms firms in the European Union's eprivacy directive to online services would be "unnecessary, discriminatory and disproportionate", Facebook has said.

In a submission to the European Commission on a review of the 2002 directive, Facebook Ireland Ltd said online services (such as its own) were different from "traditional telecoms services" and were not a complete or perfect replacement for them.

It was “fundamentally incorrect” to apply the same level of obligations that apply to traditional telecoms services to online services, Facebook said.

The commission is currently re-evaluating the directive, which aims to harmonise national provisions required to ensure an equivalent level of privacy protection in the processing of citizens’ personal data in the electronic communications sector.


Communications privacy

Answering a questionnaire supplemented by a lengthy submission, Facebook submitted that the current eprivacy directive had achieved little in terms of the full protection of privacy and confidentiality of communications across the EU.

It had also imposed additional costs on business, the company said.

Facebook said the provisions in the directive requiring user consent for the processing of traffic and location data in the directive should be deleted.

It insisted the processing of “all kinds of data” was already covered by the new general data-protection regulation, agreed at EU level last December and due to come into force in May 2018.

“There is no apparent necessity to treat traffic and location data any different to other kinds of data,” Facebook’s submission said.

"Also, this approach will result in redundant double regulation that further restricts companies' opportunities to use such data and [will] stifle innovation in Europe, which already faces heavy burdens by the GDPR."

Consent withdrawal

Traffic and location obligations, including in particular “an obligation to make this information anonymous and to delete this information in the event that users withdraw consent” were “simply inappropriate and do not apply as a practical matter in an online services environment”.

Facebook said that “in general” online services “may not have access to this type of data, which is typically held by traditional telecoms services providers”.

“Many information society services today are based on free, advertising-funded business models that keep the services free of charge for the user by allowing advertisers to show their advertisements to them,” the company wrote.

“Regulation should not unduly interfere with or stymie entities’ freedom to choose and develop innovative business models where there is a clear consumer demand for these business models.”

Unsolicited marketing

It also expressed concern that the differences in treatment in member states regarding the implementation of rules on unsolicited marketing had led to “a not insignificant degree of regulatory uncertainty for businesses, and contributed to a general lack of transparency for users”.

The eprivacy directive was last updated in 2009 to provide clearer rules on customers’ rights to privacy. New requirements were introduced on cookies and personal data breaches. The cookie law in particular has proven controversial, with many firms insisting the consent rules applying are unworkable.

The commission is analysing the replies to the public consultation and will publish a full report later in the year.