EU proposes privacy rules that extend to Gmail, Facebook Messenger, Skype
Consent rules could limit consumer data collection for ad targeting by messaging, email and phone service providers.
New rules proposed by the European Union on Tuesday stand to change the way Google, Facebook and other digital media companies and ad technology firms collect consumer data.
The updates, aimed at increasing and streamlining digital privacy protections for consumers across the European Union, would affect electronic communications services beyond traditional telecommunications operators and extend to email and messaging services such as Facebook Messenger, Gmail, iMessage, Skype and WhatsApp. Consumer consent will be required access to user devices and online behavior tracking from text messages, emails, and voice calls for use in ad targeting. Without user consent, metadata such as the time and location of a call will need to be deleted or anonymized, unless it is used for billing or other similar purposes.
In order to reduce the number of “cookie consent” banners users encounter when browsing the web, the proposed rules clarify that “no consent is needed for non-privacy intrusive cookies improving internet experience (e.g. cookies needed to remember shopping cart history, for filling in online forms over several pages, or for the login information for the same session). Cookies set by a visited website counting the number of visitors to that website will no longer require consent.”
Regarding ad blockers, consumers are permitted to use ad blockers, however, publishers do not have to get user consent to check if the end-user’s device is able to receive their content, including ads, under the proposed rules (“the Commission is aware that ‘free’ content on the internet is often funded by advertisement revenue”). Publishers can request users turn off ad-blockers in order to access their content.
The carrot for telecom companies under the new rules is the new ability to use metadata and communication data — with user consent — and package it for “public authorities and public transport operators,” for example.
The European Parliament and member states of the Council of Europe must approve the new proposals. The Commission hopes to have the new rules to be approved by the time the General Data Protection Regulation on May 25, 2018.