08 Jan Op-ed: ePrivacy rules could threaten technological innovation
EU governments, as part of the Council of the EU, should insist that the European Institutions take a principles-based, technology neutral approach to updating the ePrivacy Directive so as to preserve privacy rights, regulate technology effectively and promote innovation.
Specifically, the Council should seek to reorient the approach taken in the European Commission’s draft ePrivacy regulation that was recently endorsed by the European Parliament.
The Commission has failed to take into account the development and variety of new digital services along with the digitization of traditional industries. Instead, it has simply extended obligations that currently apply to traditional telecom operators to all over-the-top communication services, machine-to-machine applications, and content services with communications capability.
This approach may seem convenient, but it will cripple the delivery and prospects of positive digital transformation in Europe.
The fundamental goal of protecting privacy and preserving the confidentiality of communications is not in issue. However, the embrace of this important principle cannot be legislated in the same way that it was 20 years ago.
Where traditional communication services involved simple transmission mechanisms, such as letter delivery and telephone links, cloud-based platforms include a much wider range of functions that make our lives more convenient. Each of these functions is based on natural language machine learning, which relies on innovative uses of the data generated by communication services.
Even as we enjoy these new features, we expect our privacy rights to be preserved. Just as we understood that letter carriers would not read our mail and that telephone operators would not listen to our conversations, we similarly expect that those handling our web-enabled communications will ensure their confidentiality.
We need, however, to be thoughtful in how we apply the principle of communications confidentiality. Simply saying “only users can access communications” makes little sense today. Cloud-based communication services, with their value-added features, are made possible through the processing of content and metadata – including, in some cases, when messages are in transit.
Just as a doctor treats one patient and then applies the experience he gains to help improve the treatment of his next patient, the quality of modern services improves through machine learning techniques that rely on the accumulation of data. In neither case is the confidentiality of individual’s data compromised.
As it stands now, the draft of the ePrivacy regulation constitutes a threat to innovation and confuses stakeholders. Europe’s innovative industries are engaging closely with European Union institutions and member states to correct the draft’s infirmities and ensure a positive outcome to the ePrivacy negotiations. Member States should prioritize further aligning ePrivacy to similar and overlapping provisions in the GDPR and clarify the scope of services and data to which it applies.
We all need legislation that is both principled and forward-thinking. We urge that the Council advocates forcefully for not only the fundamental right of privacy, but also the embrace of new technologies.