The Commission is hoping to free up the potential of a data-based economy. On 10 January, it presented a raft of measures to allow businesses to make better use of personal data resulting from electronic communications. It also suggests tightening up the obligations of over-the-top (OTT) operators in terms of privacy.
In all, the Commission presented four texts and two public consultations: (1) a communication on the economy of data; (2) a communication on the exchange and protection of personal data in a globalised environment (see other article); (3) a draft regulation on privacy and electronic communications; (4) a draft regulation on the data protection rules applicable to the institutions of the European Union. The consultations will cover the creation of a European economy based on data and an assessment of the directive on the responsibility for defective products.
The most innovative proposals are to be found in the draft regulation on privacy and electronic communications. The idea is to provide traditional telecommunications operators with new opportunities and to include over-the-top services in the scope of application of the new rules. Essentially, the Commission is proposing to extend the general principle whereby electronic communications should be entirely confidential. However, it is introducing a considerable derogation to this principle: service-providers should be able to make more use of the personal data of customers who have given their prior consent. In other words, a service-provider will now be able to scan the content of its customers' emails, as long as it has their consent. A source explained that this consent may not be buried in the general terms and conditions for use. What will happen if the customer refuses? The Commission has not been terribly clear on this. It explains that this will depend on the content of the contract. A European official, who did not appear entirely confident on the matter, explained that customers refusing to give access to any of their personal data required for the operation of the service could be denied total access to the service, but this would apply only to the essential data. As for cookies, trackers that allow consumers' choices and behaviour to be monitored, the Commission is proposing to remove the boxes that currently regularly pop up on users' screens. In future, consumers will have to set the parameters on their own search engines themselves. A source told EUROPE that the provider of the search engine – for instance Google – will have to provide a notice inviting users to choose a default setting at the time of installation.
The proposal does not govern the use of ad blockers or encryption. Nor does it harmonise the rules on the retention of data: as with the current directive, it provides for the member states to be able to limit the confidentiality of the communications of individuals to safeguard one or more general public interests.
During the presentation, the Commission expressed its intention to see the new measures adopted by May 2018, when the general regulation on data protection –- which tackles data protection for individuals, rather than communications between businesses or between individuals as with the proposal under examination –- will enter into force.
According to a Eurobarometer survey carried out on 27,000 stakeholders, 70% of citizens take the view that the protection of their personal data is extremely important and that they should be asked their authorisation before this information is used. Nine out of ten respondents defend the encryption of data, and six out of ten of them feel that they receive too many unsolicited commercial offers over the telephone. The documents can be consulted at: http://europa.eu/rapid/press-release_IP-17-16_fr.htm (Original version in French by Sophie Petitjean)