The Daily Swig Web security digest

The cookie crumbles – MEPs call for stronger online privacy laws

James Walker | 24 October 2017 at 12:00

Despite a majority vote, ‘privacy by default’ legislation is not without its detractors.

With European consumers increasingly relying upon electronic communication tools such as WhatsApp and Skype, the European Parliament is looking to establish stronger ePrivacy rules for vendors of VOIP technology and instant messaging software.

Last week, the Civil Liberties Committee approved draft proposals aimed at ensuring high standards of privacy, confidentiality, and security in electronic communications across the EU.

The legislation would apply to SMS and telephone services, and would update the EU’s existing ePrivacy rules to cover recently introduced internet-enabled services such as WhatsApp, Skype, Messenger, and Facebook.

The text, drafted by Estonian Social Democrat and MEP Marju Lauristin, calls for a clampdown on organizations’ ability to snoop on personal devices via cookies or software updates, or tracking people without their clear approval through public hotspots or WiFi in shopping centers.

Proponents of the legislation agree that “privacy by default” settings should become standard for all software used for electronic communications, while service providers must integrate strong encryption.

The text also tables a ban on so-called ‘cookie walls’, which block access to a website if the person does not agree to his or her data being used by the host site. And for those who do, their metadata should be treated as confidential and never passed on to third parties.

Parliament’s lead MEP on the directive Marju Lauristin (S&D, ET) said: “E-privacy can give a great competitive advantage to European companies and help them to create a real European model for digital economy, with high quality services, consumer trust and free choice,” Lauristin said.

The current directive on privacy in the electronic communication sector was last updated in 2009. And while the new proposals are intended to ensure the fundamental right to privacy and protection of personal data as enshrined in the EU treaties, the privacy by default legislation is not without its detractors.

Twenty-four out of 56 MEPs voted against the ePrivacy bill, with many center-right politicians rejecting the proposals amid concerns it will restrict companies’ ability to process consumer data.

“The confidentiality of communications is a fundamental right of EU citizens, and there is no doubt that we need to protect it,” said Polish MEP Michał Boni.

“However, it is equally important to acknowledge that data processing, with respect for fundamental rights and necessary safeguards, is essential for digital innovation and for the business opportunities of European companies, which provide millions of jobs throughout the EU.

Others, however, argued the rules would give European technology group an advantage over their American counterparts by winning over consumer trust.

“Many European tech firms have already realized that they can be ahead of Silicon Valley in the future if they put a strong focus on confidentiality and data protection rules,” said German Green MEP Jan Philipp Albrecht.