Members of the European Parliament’s civil liberties committee handed privacy and data protection advocates a big win Thursday when they put Rapporteur Marju Lauristin's proposals on the ePrivacy Regulation to the vote. The MEPs approved Lauristin's report 31 to 25 and granted a mandate for further negotiations. It’s a hugely significant piece of legislation that will impact data protection landscape for decades to come.
Most privacy advocates were thrilled: End-to-end encryption got the thumbs up, and so-called “backdoors” that would allow the reading of encrypted messaging were categorically ruled out.
Lauristin’s report says, “The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorized access or alterations to the electronic communications data and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used, or by state-of-the-art end-to-end encryption of the electronic communications data.
“Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited.”
Overall, the approved text saw no expansion of the legal bases for data processing — reliance will be on consent, in line with GDPR.
“With few exceptions, internet companies and communication providers should only be able to use the data of users with their consent. Users must be able to trust that their surfing and communication behavior will not be evaluated or passed on. Exceptions only apply to statistical measurements of user behavior and to ensure IT security by the communication providers,” MEP Jan Philipp Albrecht explained.
On the tracking wall ban, Albrecht told The Privacy Advisor, “Even if users deny consent, websites cannot prevent them from accessing the site. If, for example, publishers want to protect their content, they can do so with a paywall, not a data wall."
German MEP Cornelia Ernst told The Privacy Advisor, “Despite massive lobbying from all the big players of the internet industry, the committee today has adopted a half-decent compromise that has the potential to proof our societies for an increasingly digital future. It has a clear 'no' to any further processing of telecommunications metadata, a ban on offline tracking and privacy by default for software settings. The text is far from perfect — it still includes web audience measurement — and negotiations with the council have to follow. For the law, in the end, a lot is still open."
MEP Sophie in't Veld was also broadly pleased: “This allows us to modernize a directive drafted when everybody called a landline. Revision of the law is so desperately needed in order to better protect our online privacy. Innovative advertisers can thus manage well. But companies that run on violating the privacy of their users will really have to adapt. The European Parliament is today seen to stand up for the rights of users.”
The new law will also extend the confidentiality of electronic communications to services like WhatsApp and Facebook Messenger.
Questions of further processing of data for compatible purposes or “legitimate interests” were not specifically voted on in the LIBE committee. Thanks to a political compromise, these were already off the table.
However, political compromise was far from the norm in the negotiations as a huge split developed between the European People’s Party and other groups. Before the vote, Albrecht called the EPP position “utterly shady” and accused it of siding with “the profit interests of large U.S. corporations” over the interests of consumers.
“But today it is important to say clearly that we have managed to get the legally qualified majority for negotiations,” he said. “The only option to change that is to get a vote in plenary to open up the text for some added amendments. Some EPP radicals may be going to try that. If that happens, the majority will be similar.
“In my view, it has been very clear that the ‘lefties’ will be standing together. There are even some individual members of the EPP and ECR (European Conservatives and Reformists) who might support our amends in plenary. And of course, if they want to change it they need a majority against us. So it’s complicated for them and I don’t think they will manage,” Albrecht concluded.
According to a Corporate Europe Observatory (CEO) report this week, industry lobbyists have been vigorously opposing the proposals on ePrivacy for the past 16 months, with some obvious success among EPP members.
“The corporate campaign, concerned about how its bottom line would be affected, tried to reframe the debate so that it is not about privacy, but instead about media plurality, combating fake news, and even the future of the internet,” said the CEO report.
Despite the LIBE vote, companies that provide online advertising will continue to lobby, based on fears that ePrivacy changes will undercut their current business model of tracking users’ web-browsing and analyzing metadata and content in communications.
The mandate for the forthcoming negotiations with the Council means that all eyes will now turn to the national representatives, so the lobbying is not over yet.
photo credit: European Parliament EU budget: MEPs want more flexibility and policy debate via photopin (license)