The EU's data security watchdog has warned of “serious implications” for privacy and data protection if a disproportionate approach is taken to ensure net neutrality like filtering network traffic on a grand scale.
Though net neutrality means that traffic should not be tampered with, experts admit that guranteeing the same level of service for users involves some traffic management which privacy watchdogs warn could become invasive.
In an opinion issued last Friday (7 October), the European Data Protection Supervisor (EDPS) warns against “certain inspection techniques used by ISPs [internet service providers] which may be highly privacy-intrusive, especially when they reveal the content of individuals’ internet communications, including emails sent or received, websites visited and files downloaded.”
“It is therefore crucial that compliance with data protection rules be closely monitored,” concludes the EDPS.
In the near future, internet service providers (ISPs) may be allowed or requested to monitor the traffic of data on the net with the aim of filtering or restricting internet access. This already happens in certain circumstances when operators block or hamper access to certain services on the internet.
As the Commission itself acknowledged in a recent document on net neutrality, “a classic example of this would be mobile internet operators blocking voice over internet protocol (VoIP)” services, such as Skype.
Operators argue that filtering is necessary to allow a functioning traffic management which ultimately benefits all internet users and prevents congestion of the net.
But, as more services migrate to the web, operators may be increasingly tempted to block or slow down other services which compete with their own or do not yield much profit, effectively creating fast lanes and slow lanes for different services.
“The concept of net neutrality builds on the view that information on the internet should be transmitted impartially, without regard to content, destination or source,” argues the European Data Protection Supervisor, Peter Hustinx.
When traffic management turns to be necessary, it should be done in a way that guarantees the fundamental right to privacy and data security of internet users, goes his argument. But this is not always the case.
The European Commission did not take a definitive position on traffic management in its communication on net neutrality published last April, but made clear that further monitoring of dubious practices was required and could amount to possible regulatory measures.
“If significant and persistent problems are substantiated, and the system as a whole is not ensuring that consumers are easily able to access and distribute content, services and applications of their choice via a single internet subscription, the Commission will assess the need for more stringent measures to achieve competition and the choice consumers deserve,” concluded the EU Executive’s document.
The analysis is still ongoing and should bring concrete results by the end of the year when Brussels may be forced to provide “additional guidance” on net neutrality, as pledged in the April paper.
The EDPS opinion comes as the debate is still wide open and tends to influence the final decision on what constitutes harmful traffic management.
The EDPS is in charge of monitoring the respect of privacy and data protection by the EU institutions when they deal with citizens’ personal information. His opinions, however, reach a wider audience and have traditionally influenced policy decisions in the field of privacy and data protection.