The European Commission is reported to be in the process of introducing new regulations for OTTs which will level the playing field for telcos in Europe.
In a draft document obtained by Politico, the e-privacy directive, which currently only applies to telcos, will be expanded to OTT services such as Microsoft’s Skype and Facebook’s Whatsapp, as the Commission lumbers towards some sort of decision on regulation. The telco industry has long been lobbying regulatory decision makers to address the imbalance in rules governing how telcos can monetize mined data, as there has been a general acceptance the OTTs has significantly more freedom.
In Nigeria, telcos had also on many occasions requested that the OTTs be brought under regulation, even as they bite from the telcos revenue. But the regulator, Nigerian Communications Commission has said it has yet to see any genuine for the regulation of the OTTs, adding that such move was also capable of stifling innovation. Fears are being expressed that the NCC wants to start regulating OTT services. These fears are misplaced. Dispelling rumour of a planned OTT regulation early this year, the Executive Vice Chairman of NCC, Prof. Umar Danbatta had said: “For the purpose of clarity, OTT services are services carried over the networks, delivering value to customers. But these services are without any carrier/service provider being involved in planning, selling, provisioning or servicing them, thereby implying that traditional telecoms companies cannot directly earn revenue from such services. These OTT services include services such as Internet Protocol (IP) telephony, live streaming and other social media applications. At best, the technology is disruptive and global responses have been mixed. What the NCC paper has done is to elevate the value and quality of discourse on the issue”.
The EVC also added that “the regulator’s objective should be to catalyse additional opportunities offered by OTT services to the benefit of the consumer. Its objective should be to support competition, while avoiding the OTT related risks in the areas of security and data protection. One salient conclusion in the OTT Services report published by the commission is that it acknowledged the fears of traditional telecoms service providers that traditional telephony and SMS revenues are under threat from newer, IP-based alternatives like WhatsApp, Skype, Viber, etc.”
Meanwhile, the draft by the European Commission wants to extend the rules to ensure the OTTs will have to guarantee the confidentiality of communications and obtain the users’ consent to process their location data, mirroring similar provisions included in the Gaggle of Red-tapers’ General Data Protection Regulations (GDPR), set to come into force in 2018.
“This creates a void of protection of confidentiality for the users of these services,” the draft reads, referring to the OTTs. “Moreover, it generates an uneven playing field between these providers and electronic communications service providers, as services which are perceived by users as functionally equivalent are not subject to the same rules.”
While the telcos have been begging for equality in the digital economy, this may not be what they had in mind. You do have to feel a bit sorry for the cumbersome telcos, they have had revenues shattered by the OTTs who are offering very similar services, but playing to a different rule book. The parity maybe welcomed by the telcos, and will give them the opportunity to monetize data in a similar manner to OTTs and open up new revenue channels.
The proposal will also remove the obligation on websites to ask visitors for permission to place cookies on their browsers, which currently appears via a banner, assuming the user has already consented through the privacy settings of the web browser.
“If browsers are equipped with such functionality, websites that want to set cookies for behavioural advertising purposes may not need to put in place banners requesting their consent insofar as users may provide their consent by selecting the right settings in their browser,” the draft said. The proposal is set to be unveiled in January as a late-Christmas present from the Gaggle of Red-tapers to itself. After all, the Gaggle of Red-tapers wouldn’t be the party-animals they were if they weren’t given the opportunity to throw their red-tape all over the shop and complicate matters.
WhatsApp and Skype Targeted
The European Commission plans to legislate for smartphones and apps to be designed with privacy in mind, according to the draft of a future ePrivacy Regulation leaked in December 2016.
Skype, WhatsApp and services like them could soon fall under the same European Union regulations as telephone calls and SMS text messages, a leaked legislative draft reveals.
Although Skype and WhatsApp can both be used to make voice calls and send text messages, they don’t fall under existing EU communications privacy legislation because they are data services that run over the top of an internet connection, rather than native functions of the network like phone calls and SMS.
But legislators want to bring such “over-the-top” services within the scope of rules protecting users’ privacy with their proposed Privacy and Electronic Communications Regulation, a draft of which was obtained by Politico. The regulation is intended to replace the 2002 ePrivacy Directive.
The new regulation calls for all electronic communications to be confidential. Processing or interfering with such communications without the end users’ consent, including by listening, tapping, storing, monitoring or other kinds of interception and surveillance, shall be prohibited, the draft regulation says.
The ePrivacy Directive was last updated in 2009, at the dawn of the smartphone app era, and much has changed for users of telecommunications services since.
For one thing, while mobile phone users still send billions of SMS text messages a day, usage of over-the-top messaging services overtook SMS years ago. By January 2015, WhatsApp said its messaging traffic alone exceeded that of SMS by 50 per cent.
The draft regulation expands the definition of electronic communications to encompass new services delivered by apps rather than dedicated hardware.
Under the proposed rules, privacy is an option — but it’s one that must always be turned on by default, allowing users to opt out of it, rather than requiring them to opt in.
Article 10 of the leaked draft, titled “Privacy by design,” requires: “The settings of all the components of the terminal equipment placed on the market shall be configured to, by default, prevent third parties from storing information, processing information already stored in the terminal equipment and preventing the use by third parties of the equipment’s processing capabilities.”
Furthermore, it says, “Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the Internet, shall be configured to by default prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment.”
The draft regulation ought to put an end to spam, with its stipulation (in Article 16, Unsolicited communications) that, “The use of electronic communications services by natural or legal persons for the purposes of transmitting direct marketing communications is allowed only in respect of end-users who have given their prior consent.”
One of the more controversial provisions of the 2009 update to the ePrivacy laws was the requirement that websites targeting EU readers should request permission before setting cookies.
Under the new draft, that requirement will be softened in a number of ways. Sites can look at browser settings allowing or rejecting cookies and apply those without having to ask the user, while cookies essential to the operation of a site can be set without notice. The preamble to the regulation gives examples of essential uses, such as to remember language preferences, or to keep track of users’ input when filling in forms over several pages.
But there are some warning signs: “Cookies can also be a legitimate and useful tool, for example, in measuring web traffic to a site,” the draft’s preamble notes without further explanation. Most website visitors would not object to their visit being counted in this way by the site’s operator, which is already aware of it. The privacy issues arise when information about the visit is tracked by a third party, correlated with all the other sites visited by the same user, and then sold on to others.
Thus, messaging services such as Microsoft’s Skype and Facebook’s WhatsApp face stricter rules on how they handle customer data under new security laws due to be proposed by the European Union, according to a draft document seen by Reuters.
The EU executive wants to extend some rules that now only apply to telecom operators to web companies offering calls and messages using the internet, known as “Over-The-Top” (OTT) services, according to the draft.
Web services will have to guarantee the confidentiality of communications and obtain users’ consent to process their location data, mirroring similar provisions included in a separate data protection law due to come into force in 2018.
Telecoms firms have long complained that companies such as Alphabet’s Google, Microsoft and Facebook are more lightly regulated, despite offering similar services.
The phone companies have called for European Union rules specific to telecoms firms—known as the e-privacy directive—either to be repealed or extended to everyone.
“This creates a void of protection of confidentiality for the users of these services,” the draft said, referring to OTTs.
“Moreover, it generates an uneven playing field between these providers and electronic communications service providers, as services which are perceived by users as functionally equivalent are not subject to the same rules.”
A European Commission spokeswoman declined to comment on the draft but said the aim of the review was to adapt the rules to the data protection regulation which will come into force in 2018 and simplify the provisions for cookies.
Telecom companies, barred by current rules from using customer data to provide additional services and make more money, will be able to use customer data with their consent, according to the proposal.
It would also remove the obligation on websites to ask visitors for permission to place cookies on their browsers via a banner if the user has already consented through the privacy settings of the web browser.
Cookies are placed on web surfers’ computers and contain bits of information about the user, such as what other sites they have visited or where they are logging in from. They are widely used by companies to deliver targeted ads to users.
“If browsers are equipped with such functionality, websites that want to set cookies for behavioural advertising purposes may not need to put in place banners requesting their consent insofar as users may provide their consent by selecting the right settings in their browser,” the draft said.
Many have questioned the effectiveness of such cookie banners which appear every time a user lands on a website because people tend to accept them without necessarily reading what that entails.
“While such banners serve to empower users, at the same time, they may cause irritation because users are forced to read the notices and click on the boxes, thus impairing internet browsing experience,” the draft said.
The proposal is set to be unveiled this January 2017 and may still undergo changes.
German Chancellor Angela Merkel speaking at Germany’s 10th National IT Summit in November, called for EU Member States to take a pragmatic approach to the application of EU data protection laws. She warned that a restrictive interpretation of data protection laws risks undermining the development of big data projects in the EU.
Ahead of the introduction of the General Data Protection Regulation throughout the EU in May 2018, Merkel argued that, more than simply preventing the excesses of personal data use, data protection law should serve to enable emerging data developments.
Chancellor Merkel’s comments are significant given that Germany typically has taken a hard-line approach to data protection law interpretation and enforcement, particularly with respect to data minimization requirements that can pose challenges to big data developments in the digital economy.