Why ePrivacy must be reformed by Daniel Pataki, VP for Policy and Regulation, Head of Europe, Russia & CIS, GSMA, and Lise Fuhr, Director General, ETNO.
The European Union (EU) has a data inferiority complex. This risks undermining the bloc’s digital sovereignty goals and could hamper the long-term strategic interests of Europe’s citizens and businesses. The new ePrivacy Regulation proposal from the German presidency of the European Council would further aggravate the situation. Let us explain why.
Europe’s data sovereignty vision
Thierry Breton, European Commissioner for Internal market, has a vision “to make Europe a global data hub, both personal and industrial, benefiting all European economic players – SMEs, start-ups, large groups – and, of course, all European citizens”. We agree with him.
The COVID-19 pandemic has laid bare that Europe must leave behind the illusion that it can simply sit and regulate digital services developed by foreign companies. While regulation is critically important, there is no substitute for global industrial leadership. This is why the telecoms sector supports the new direction of European Commission President Ursula von der Leyen and Commissioner Breton: Europe must build industrial leadership at home and become an exporter of data-based services abroad.
This means unleashing European innovation in data, ranging from AI to cloud services, the industrial internet and more. The benefits are clear: digital products and services developed in Europe will be designed around our core values, with personal data and privacy on top of the list.
There should be no dilemma between privacy and innovation. The big question is: how do we foster European digital innovation in a privacy-friendly way and in coherence with European values? The answer must align the ePrivacy Regulation with the General Data Protection Regulation (GDPR), or risk failure.
Why a bad ePrivacy text will get in the way
European telcos have constructively engaged in the development of a new ePrivacy Regulation to replace the existing ePrivacy Directive. Why? Because the draft regulation finally extends the sacrosanct principle of confidentiality of communications from phone calls and SMS to include messaging apps and emails.
In addition, data processing has evolved dramatically since the old ePrivacy Directive, and fast-moving markets quickly require a new, flexible framework.
We also believe that there is an opportunity for the ePrivacy Regulation to spur innovation through alignment with the GDPR. For example, the GDPR allows “further processing” of data as far as it does not conflict with the original objectives set out in the agreement with the customer. However, under the existing ePrivacy Directive, this option does not exist for telecom operators.
As Member States started working on the text of the new ePrivacy Regulation, this difference became apparent and work was done to amend this inconsistency. The reference to “further processing” was therefore introduced by the Austrian Presidency of the Council, and reconfirmed by the following Romanian and the Finnish Presidencies.
However, to the surprise of European companies, big and small, ready to start innovating on data, the proposal recently put forward by the German EU Council presidency would blunt this innovation and significantly depart from the work of previous Presidencies.
It would perpetuate a situation in which European telecom innovators are double-regulated, while the rest of the world abides solely by the GDPR rules. European telecom companies seeking to innovate would be limited by sector-specific provisions in the new draft of the ePrivacy Regulation.
Not a telecom problem, but a European problem
The negative impact would extend far beyond the telecoms sector: European businesses of all sizes would struggle to deliver on Commissioner Breton’s vision to make “Europe a global data hub” for the benefit of citizens and the continent’s competitiveness.
For example, a “smart city” needs to use location data from smartphones or other communications devices to analyse patterns and cross-reference this information with datasets held by the city. This can be done by anonymising and aggregating data in a privacy-friendly way. To get to that result though, telecom providers need to work with ‘pseudonymised’ metadata. Overly restrictive ePrivacy measures that do not allow telecom providers to use pseudonymisation for metadata would stymie new services for governments, businesses and citizens.
Just take this example and multiply it by the number of potential innovations from European start-ups. The result: European businesses of all sizes would continue to trail foreign rivals, citizens would be stripped from a European choice and Europe’s digital competitiveness gap would widen.
We firmly believe data innovation can be privacy-friendly, and there is no valid reason for Europe to be merely a consumer of foreign digital services, dependent on American and Asian tech players. This would be bad for both competition and European citizens. The EU has the real potential to inject more competition into global digital markets. It must seize the day and adopt forward-looking regulations to deliver on its ambitions.
First published on POLITICO.eu on 10 November, 2020.