Messaging services such as Microsoft’s Skype and Facebook’s WhatsApp face stricter rules on how they handle customer data under new security laws due to be proposed by the European Union, according to a draft document seen by Reuters.
The EU executive wants to extend some rules that now only apply to telecom operators to web companies offering calls and messages using the internet, known as “Over-The-Top” (OTT) services, according to the draft.
Web services will have to guarantee the confidentiality of communications and obtain users’ consent to process their location data, mirroring similar provisions included in a separate data protection law due to come into force in 2018.
Telecoms firms have long complained that companies such as Alphabet Inc’s Google, Microsoft and Facebook are more lightly regulated, despite offering similar services.
The phone companies have called for European Union rules specific to telecoms firms – known as the e-privacy directive – either to be repealed or extended to everyone. “This creates a void of protection of confidentiality for the users of these services,” the draft said, referring to OTTs.
“Moreover, it generates an uneven playing field between these providers and electronic communications service providers, as services which are perceived by users as functionally equivalent are not subject to the same rules.”
A European Commission spokeswoman declined to comment on the draft but said the aim of the review was to adapt the rules to the data protection regulation which will come into force in 2018 and simplify the provisions for cookies.
Telecom companies, barred by current rules from using customer data to provide additional services and make more money, will be able to use customer data with their consent, according to the proposal.
It would also remove the obligation on websites to ask visitors for permission to place cookies on their browsers via a banner if the user has already consented through the privacy settings of the web browser.
Cookies are placed on web surfers’ computers and contain bits of information about the user, such as what other sites they have visited or where they are logging in from. They are widely used by companies to deliver targeted ads to users.
“If browsers are equipped with such functionality, websites that want to set cookies for behavioral advertising purposes may not need to put in place banners requesting their consent insofar as users may provide their consent by selecting the right settings in their browser,” the draft said.
Many have questioned the effectiveness of such cookie banners which appear every time a user lands on a website because people tend to accept them without necessarily reading what that entails.
“While such banners serve to empower users, at the same time, they may cause irritation because users are forced to read the notices and click on the boxes, thus impairing internet browsing experience,” the draft said.
The proposal is set to be unveiled in January and may still undergo changes.