European Commission proposes tighter data protection rules

A key proposal in the Regulation on Privacy and Electronic Communications extends privacy rules to new providers of communications services like WhatsApp and Facebook Messenger.

The ePrivacy Directive only applies to traditional telecoms operators.

The proposed Regulation also guarantees the privacy of both content and metadata derived from electronic communications.

Both have a high privacy component and, under the proposed rules, will need to be anonymised or deleted if users have not given their consent, unless the data is required for instance for billing purposes.

The European Commission yesterday called on the European Parliament and European Council to allow the measures to be implemented by 25 May 2018, when the GDPR enters into force.

The Commission said it wanted to provide citizens and businesses with “a fully-fledged and complete legal framework for privacy and data protection in Europe” by this date.

Frans Timmermans, first vice-president of the Commission, said: “Our proposals will complete the EU data protection framework. They will ensure that the privacy of electronic communications is protected by up to date and effective rules, and that European institutions will apply the same high standards that we expect from our Member States.”

Along with the proposed Regulation, the Commission also presented a proposed Communication setting out a strategic approach to the issue of international personal data transfers.