Mobile, ICT sectors call for EU data privacy reform

data protection.jpg

The EU needs to tackle discrepancies between the proposed Data Protection Regulation and the 2002 ePrivacy Directive because they could create inconsistent privacy experiences and rights for consumers, say trade organisations representing the mobile and ICT sectors.

A consistent data protection framework is needed for both industry and consumers, say the operators. They support the harmonisation objective of the proposal, but want to stress that technology and service neutrality has not been sufficiently addressed yet.

"While policymakers may have felt specific telecom privacy rules were justified in the past, the rules no longer seem appropriate," said Martin Whitehead, director of GSMA Europe.

Whitehead, whose organisation represents the interests of mobile operators, added that it makes little sense to single out one particular sector when there is such a broad range of online service companies collecting and processing large volumes of functionally equivalent data.

"Against a background of global competition in innovative services, the co-existence of the ePrivacy Directive and General Data Protection Regulation would be incompatible with technology and service neutrality, and the need to provide users with consistent privacy experiences," Whitehead said.

The message was backed by the European Telecommunications Network Operators (ETNO), which represents fixed telecoms operators. Both GSMA and ETNO consider an overhaul of the European data protection rules as an opportunity to harmonise the handling of personal data across Europe.

"Were the current e-Privacy Directive and the proposed General Protection Regulation to co-exist, a number of difficulties which are already seen under existing regulatory regime, would be experienced by both businesses and consumers," said Daniel Pataki, the director of ETNO, which represents 38 member companies and 12 observers in the ICT sector in Europe.

He mentioned that telecoms companies and their consumers would face dual compliance regimes, and so be disadvantaged in competition. Consumers would face inconsistent privacy experiences for functionally equivalent services.

"They would need to be aware of whether a service was being provided by a telecoms operator or an online service provider in order to assess their rights," Pataki added.

The General Data Protection Regulation proposal (GDPR) introduces some of the elements included in the e-Privacy Directive into general privacy rules, such as data breach notifications.

As opposed to an EU Regulation, a Directive gives member states considerable leeway in implementing its rules into law.

Many member states have used that leeway to implement stricter rules than in the ePrivacy Directive (ePD).

Since all ePD references to the Data Protection Directive (DPD) will be construed as GDPR references, in consequence, depending on the outcome of the legislative process on the GDPR proposal, national laws transposing the ePD will need to be amended as well.

Yet, as these are rules from a Directive, Member States will be free to use their leeway in the implementation again. In many Member States, data protection authorities (DPA) are not responsible for the supervision of the ePrivacy rules, or may share responsibility with the national regulatory authorities for telecoms.

Business and industry

Subscribe to our newsletters