Internet-based companies face stricter data security rules under draft changes that mirror upcoming data protection laws
The European Commission (EC) is to put forward new security rules that would tighten controls on how Skype, WhatsApp and other Internet-based communications services can use customers’ data under a proposal to be made public in January.
Under a draft proposal the Commission would extend rules that currently prohibit telecommunications operators from using customer data to offer new services and increase their profits to cover Internet services such as those offered by Microsoft, Facebook, Google and others.
Level playing field
The change would create fairer competition between telecoms and Internet companies, according to the draft, excerpts of which were published by Reuters.
The current situation, in which Internet services are comparatively lightly regulated, “creates a void of protection of confidentiality for the users of these services” and “generates an uneven playing field between these providers and electronic communications service providers”, the draft says.
The changes would oblige Internet companies to guarantee user confidentiality and obtain consent to use their location data and would also give telecoms companies the ability to use customers’ data with their consent.
The draft also suggests changes that would simplify the way cookies are used by websites.
“If browsers are equipped with such functionality, websites that want to set cookies for behavioural advertising purposes may not need to put in place banners requesting their consent insofar as users may provide their consent by selecting the right settings in their browser,” the draft states.
The draft is provisional and could undergo changes, according to Reuters.
The Commission declined to comment on the proposal but said in a statement that its review is intended to adapt existing rules to the sweeping new data protection regulation set to come into force in 2018.
Facebook has faced criticism by European data protection regulators over its decision earlier this year to begin processing the data of users of WhatsApp, which it bought in 2014.
The company said its practices comply with the law, but suspended merging the WhatsApp data while it continues to discuss the matter with regulators.
The upcoming data protection regulation obliges companies based abroad to comply with EU data laws if they do business within the bloc.
How much do you know about privacy? Try our quiz!