News Stream Books Videos Web Conferences Subscriptions Advertise About IAPP Publications
Daily Dashboard Daily Dashboard

The day’s top stories from around the world

 Privacy Perspectives Privacy Perspectives

Where the real conversations in privacy happen

 The Privacy Advisor The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

 Privacy Tracker Privacy Tracker

Alerts and legal analysis of legislative trends

 Privacy Tech Privacy Tech

Exploring the technology of privacy

 Canada Dashboard Digest Canada Dashboard Digest

A roundup of the top Canadian privacy news

 Europe Data Protection Digest Europe Data Protection Digest

A roundup of the top European data protection news

 Asia-Pacific Dashboard Digest Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

 Latin America Dashboard Digest Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

 U.S. Privacy Digest U.S. Privacy Digest

A roundup of US privacy news
Overview KnowledgeNet Chapters Sections Affinity Groups Volunteer Annual Awards Member Directory Privacy List Career Central
Celebrate Data Privacy Day

Grab the official IAPP Data Privacy Day Swag Bag and find a celebration near you as we mark Data Privacy Day with a month of activities.

 Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

 Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

 IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

 Member Directory

Locate and network with fellow privacy professionals using this peer-to-peer directory.
Overview Online Training Live Online Training In-Person Training Books Sample Questions Train Your Staff Official Training Partners Web Conferences
European Data Protection (CIPP/E)

Understand Europe’s framework of laws, regulations and policies, most significantly the GDPR.

 U.S. Private-Sector Privacy (CIPP/US)

Steer a course through the interconnected web of federal and state laws governing U.S. data privacy.

 Privacy Program Management (CIPM)

Develop the skills to design, build and operate a comprehensive data protection program.

Privacy in Technology (CIPT)

Add to your tech knowledge with deep training in privacy-enhancing technologies and how to deploy them.

 CCPA Training

Gain the knowledge needed to address the widest-reaching consumer information privacy law in the U.S.

 GDPR Training

Learn the legal, operational and compliance requirements of the EU regulation and its global influence.

 Privacy Law Specialist Training (PLS)

Meet the stringent requirements to earn this American Bar Association-certified designation.
Overview Certification Programs Get Certified How to Prepare Continuing Privacy Education (CPE) Fees Certify Your Staff Verify a Certification
CIPP Certification CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

 CIPM Certification CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

 CIPT Certification CIPT Certification

As technology professionals take on greater privacy responsibilities, our updated certification is keeping pace with 50% new content covering the latest developments.

 FIP Designation FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

 Privacy Law Specialist Privacy Law Specialist

The first title to verify you meet stringent requirements for knowledge, skill, proficiency and ethics in privacy law, and one of the ABA’s newest accredited specialties.

 CIPP/E + CIPM = GDPR Ready CIPP/E + CIPM = GDPR Ready

The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for GDPR readiness. Learn more today.

 Certification CDPO Certification CDPO

Certification des compétences du DPO fondée sur la législation et règlementation française et européenne, agréée par la CNIL.
Tools Research Glossary DPAs FTC Casebook Enforcement Database IAPP Westin Research Center Jobs Privacy Vendor Marketplace
Privacy Vendor Marketplace Privacy Vendor Marketplace

Use the Vendor Demo Center, Privacy Vendor List and Privacy Tech Vendor Report to easily identify privacy products and services to support your work.
COVID-19 Resources

Access a collection of privacy news, resources, guidance and tools covering the COVID-19 global outbreak.
CCPA Genius

This tool maps requirements in the law to specific provisions, the proposed regulations, expert analysis and guidance regarding compliance, the ballot initiative, and more.
GDPR Genius

This interactive tool provides IAPP members access to critical GDPR resources — all in one location.
CCPA and CPRA

IAPP members can get up-to-date information here on the California Consumer Privacy Act and the California Privacy Rights Act.
EU General Data Protection Regulation

The IAPP's EU General Data Protection Regulation page collects the guidance, analysis, tools and resources you need to make sure you're meeting your obligations.
White Papers

Access all white papers published by the IAPP.
IAPP Reports and Surveys

Access all reports and surveys published by the IAPP.
US State Law Tracker

The IAPP’s state law comparison tracker consists of proposed and enacted comprehensive privacy bills from across the U.S.
Schrems II FAQ & Resources

This FAQs page addresses topics such as the EU-U.S. Privacy Shield agreement, standard contractual clauses and binding corporate rules.
Europe Data Protection Congress Online 2020 Europe Data Protection Congress Online 2020

Create your own customised programme of European data protection presentations from the rich menu of online content.

 Privacy. Security. Risk. Online 2020 Privacy. Security. Risk. Online 2020

Explore the privacy/technology convergence by selecting live and on-demand sessions from this new web series. Customize your own learning and neworking program!

Data Protection Intensives Data Protection Intensives

Choose from four DPI events near you each year for in-depth looks at practical and operational aspects of data protection.

Global Privacy Summit Global Privacy Summit

The world’s top privacy conference. Whether you work in the public or private sector, anywhere in the world, the Summit is your can't-miss event.

 Canada Privacy Symposium Canada Privacy Symposium

Find answers to your privacy questions from keynote speakers and panellists who are experts in Canadian data protection.

 Asia Privacy Forum Asia Privacy Forum

World-class discussion and education on the top privacy issues in Asia Pacific and around the globe.

ANZ Summit ANZ Summit

Delivering world-class discussion and education on the top privacy issues in Australia, New Zealand and around the globe.

Europe Data Protection Congress Europe Data Protection Congress

The hub of European privacy policy debate, thought leadership and strategic thinking with data protection professionals.

 Speak at an IAPP Event

View our open calls and submission instructions.

 Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Individual Membership Corporate Membership Group Membership Student Membership
Become a Member

Start taking advantage of the many IAPP member benefits today

 Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

 Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

 ANZ Members

Review current member benefits available to Australia and New Zealand members
{[product.name]} {[ product.name ]}
clear
mode_editEdit
remove_circle_outline {[ getCartItemQuantity(product.id) ]} add_circle_outline
{[ product.price | currencyFilter ]}
TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Europe Data Protection Digest | Notes from the IAPP Europe Managing Director, August 19, 2016 Related reading: Biden appoints Christopher Hoff to oversee Privacy Shield talks

rss_feed

""

""

""

Greetings from Brussels!

It doesn’t look like it's going to get easier for privacy pros just yet. There's been much discussion this week about the ePrivacy Directive as Europe looks to tighten the regulatory grip on online services companies, with the aim of safeguarding users’ privacy. A major overhaul of EU rules on telecoms is expected, with draft proposals to be presented sometime in September.

The European Commission, through its review, is stating that so-called "over-the-top" (often shortened to OTT) service providers — such as Skype, FaceTime and WhatsApp — that use existing telecom and internet infrastructure to provide their services should be regulated in a similar fashion to those more traditional services that they are rapidly replacing; think SMS text and traditional voice calling. In the future, these providers will likely be expected to abide by the current regime of security and confidentiality provisions in place for traditional communications providers, if the reported commission recommendations come into effect. This would mean in practice that OTTs would be made subject to obligations around interception and the processing of data traffic.

The existing EU rules also allow national governments to restrict the right to confidentiality for national security and law-enforcement purposes. Many tech companies, such as Facebook and Google, already offer end-to-end encryption on their messaging and email services. They argue there is no need to extend the telecoms rules to web services and that the EU should not dictate how they protect their users’ communications. In response to the EC’s public consultation on the ePrivacy reform, Facebook, which uses full-scale encryption on WhatsApp, argues an interesting point. By extending the rules to online messaging, in effect the company holds that it would no longer be able to guarantee the security and confidentiality of communication through encryption, as governments would have the option of restriction in the interests of national security or for law enforcement needs. The question is: Would extending the Directive in this sense not have the opposite effect of undermining the user privacy it proposes to protect? It is still early days regarding the overhaul, however, and the European Commission has yet to determine what confidentiality obligations will be proposed for web firms.

Jan Philipp Albrecht MEP, and relentless campaigner for data privacy, said: “It was obvious that there needs to be an adjustment to the reality of today. We see telecoms providers being replaced and those companies who seek to replace them need to be treated in the same way.” Albrecht went on to say that one of his priorities is tough new rules on encryption. The Edward Snowden revelations have made it clear that “every communication needs to be end-to-end encrypted.” The EDPS position is similar, as I highlighted in my Notes of 29 July.

In many respects, this latest debate only goes further to highlight the clear case of opposing culture in what concerns regulating the internet; there is a divergence between the U.S. and Europe on this matter. Simply put, in the U.S., the fundamental right to freedom of speech matters most, governing a more liberal approach to legislation; whereas Europe seems to be increasingly embracing and protecting the right to privacy. Ironically, while Europe tightens its privacy legislation, the impact is largely felt by a predominance of U.S. companies. The messaging technology sector, generally seen as a saturated market, is dominated by U.S. entities, with little chance of a European entrant disrupting any of the big players. Of the 10 biggest messaging services by number of users, just one brand, Skype, was founded in Europe, and now it is owned by Microsoft. One could reasonably argue that while Europe might have failed to penetrate this sector, the EU seems determined to claim a stake in its regulatory arena.

A final draft of proposals for the new ePrivacy Directive is expected by the end of the year before it goes to the European Parliament. In the meantime, you can expect extensive debate among the Member States, as well as a concerted lobbying effort on the part of both the telecoms and OTT players, both in Brussels and capital cities across Europe. Where the line will be drawn at the end of the day is anyone’s guess.

Author
Headshot Paul Jordan IAPP Staff Contributor
Tags
Europe
Comments

If you want to comment on this post, you need to login.

Related Stories
Datatilsynet issues pair of GDPR fines
Norway's data protection authority, Datatilsynet, issued a pair of NOK 400,000 fines for violations of the EU General Data Protection Regulation. Coop Finnmark received the first fine after it was discovered a store manager shared surveillance footage taken with a mobile phone without a legal basis....
Read More queue Save This
Op-ed: Google’s privacy updates suffer a flaw  
In an op-ed, Gizmodo Data Reporter Shoshana Wodinsky wrote Google’s blog response to an antitrust suit led by Texas Attorney General Ken Paxton “deserved some debunking.” The company’s claim that it has “given people granular controls over how their information is used to personalize ads and limited...
Read More queue Save This
EDPB, EDPS publish joint opinions on draft SCCs
The European Data Protection Board and European Data Protection Supervisor published their joint opinions on the European Commission's Implementing Decision on standard contractual clauses. The opinions cover the SCCs between controllers and processors and the transfer of data to third countries. Th...
Read More queue Save This

""

Related Stories
Tags
Europe
Recent Comments