A legal opinion and a vote by MEPs could signal more restrictions on what social media and digital communications firms can do with users’ data
A Tuesday opinion by an adviser to the EU’s top court, coming after a vote on extended EU privacy rules last week, may see more restrictions placed on how social media networks such as Facebook and digital communications companies such as WhatsApp and Skype can use customers’ personal data.
Yves Bot, an advocate general of the EU Court of Justice, said in his opinion that data protection regulators in individual European countries could in some cases legitimately take direct action against Facebook over privacy issues, even though the firm’s European base is in Ireland.
Facebook has long argued only the Irish regulator has jurisdiction over the company.
The opinion was issued in a German dispute over a page set up by a user in that country, one of a number of privacy conflicts involving Facebook around Europe that take issue with the way the firm uses the data it collects on internet users.
Communications privacy changes
If the Luxembourg-based ECJ follows Bot’s opinion, its ruling would become law across the EU’s 28 member states, with the UK currently included amongst their number. Rulings usually come 4 to 6 months after an opinion.
The opinion follows a vote by the European Parliament’s Civil Liberties Committee last week that could see privacy rules that now apply only to telecommunications companies extended to digital services such as Skype and Facebook-owned WhatsApp.
By a margin of 31 votes to 24, MEPs on Thursday approved draft proposals that would extend the current telecommunications privacy rules.
The proposed changes, first announced in January, would impose “privacy by default” on digital companies, which would be required to guarantee the confidentiality of users’ data unless individuals have explicity opted into a data-sharing agreement.
The proposals are intended to prevent companies from, for instance, covertly tracking users’ movements through data collected by public Wi-Fi hotspots, or building profiles on them by tracking their browsing habits without their consent, MEPs said.
Ban on ‘cookie walls’
They would also prevent websites from blocking users who don’t accept cookies, pieces of code that can be used to track users’ habits.
The proposals would oblige internet companies to treat metadata including numbers called, websites visited, users’ geographical location, the times and dates of calls and other sensitive information as confidential and ban them from passing it on to third parties, restrictions currently faced by conventional telecoms companies.
“E-privacy can give a great competitive advantage to European companies and help them to create a real European model for digital economy, with high quality services, consumer trust and free choice,” said Marju Lauristin, the Estonian socialist MEP who authored the text.
Centre-right MEPs voted against the rules, saying they would restrict the ability of companies to process consumers’ data and would make it overly difficult to produce innovative services.
The Interactive Advertising Bureau (IAB) Europe also strongly opposed the decision, saying it would be disastrous for online publishers.
“Content that must be given away for nothing will ultimately end up being worth nothing,” stated IAB Europe chief executive Townsend Feehan.
For the changes to become law MEPs still need the support of EU member states, where there is no consensus on the issue.
Consumer rights group the European Consumer Organisation (BEUC) praised the vote, with director general Monique Goyens saying users “should not be forced to give up their privacy when they visit a website, send an email or purchase something online”.
“It’s alarming that the online companies who claim to be the trend-setters and the engine of the digital economy cling to an advertising business model based on snooping on people,” Goyens stated.
What do you know about the history of mobile messaging? Find out with our quiz!