Between Scylla and Charybdis – the fate of the e-privacy regulation

We found the image here.

As the hype around the EU General Data Protection Regulation’s entry into force begins to die down, confidentiality of digital communications in Europe is facing a new challenge.

On one side, companies are lobbying to prevent the finalisation of the proposal for a new e-privacy regulation to protect privacy of communications and prevent unauthorised access to the data stored on devices, and the tracking of individual’s behaviour online.

On the other, a group of powerful European states, including the United Kingdom, are seeking to circumvent legally binding judgments of the Court of Justice of the European Union which twice ruled against indiscriminate retention of communications data.

Stuck between these two monsters of corporate and state surveillance is the e-privacy proposal, launched by the European Commission in early 2017 and strengthened by the European Parliament over 8 months ago.

Data protection authorities and civil society organisations across Europe are all in agreement that this regulation is needed, given the significant threats to individuals' rights to privacy, freedom of expression, and trust in the digital economy. These risks have been brought into sharp focus recently. The Facebook/Cambridge Analytica scandal has further raised the current public distrust in companies. Facebook and other companies have repeatedly demonstrated that data exploitation is the norm, unless and until publicly exposed or forced to change their behavior by law. The societal implications are profound, particularly - as noted by the European Data Protection Supervisor - given that this case represents the “tip of the iceberg”.

Companies are now resorting to ask governments to take more time to reflect on the proposal - an obvious tactic to prevent the regulation from being finalised before the next European Parliament’s election. Instead, civil society organisations have long been ready with suggestions to strengthen the text and deliver the objectives of the reform: confidentiality and security of communications, clarity of the legal framework, strengthening of public trust in the digital economy, and support of innovation.

On 8 June the European ministers of telecommunications will meet and discuss the draft proposal. Privacy International recommends that governments steer clear of Scylla and Charybdis by:

• Finalise their ‘General Approach’ so that negotiations can begin with the European Parliament with the view of an adoption of a strong ePrivacy Regulation by end of 2018 that aligns with and strengthens the protections in the GDPR;
• Support the effective protection of the privacy and security of communications, including by supporting a provision that ensures privacy by design and by default in both software and hardware;
• Reject attempts to exclude from the scope of the regulation processing on grounds of national security and defense, or to circumvent the prohibition of indiscriminate data retention.