Europe proposes stricter privacy rules for messaging apps

Less than a year after passing a strict set of data-protection laws, and the European Commission is already proposing some additions to bring them up to speed with the current reality online. As it stands, web services and communications apps like Facebook Messenger, WhatsApp, Gmail and iMessage aren't subject to the same privacy rules that cover telecoms operators. If the commission's proposal is approved, Europe's ePrivacy Directive would be extended to cover those apps, while also adding some controversial new rules on how cookies are used.

Lumping in communications apps with telecoms providers actually limits the amount of data WhatsApp, Facebook and others can share, and web companies operating in the EU would have to guarantee that users' voice, text or email conversations are confidential. It also means that services like Gmail would no longer be able to serve advertisements based on the content of a user's email, unless that user explicitly opts-in -- which could potentially put a huge dent in revenue.

Meanwhile, the European Telecommunications Network Operators' Association still believes the proposal will hold its member groups to stricter regulations than their web-based competitors. The ETNOA also claims the updated regulations would limit future technology by restricting things like location data in connected cars, IoT devices and mobile apps.

On the other hand, as TechCrunch reports, the new rules would also open up some business opportunities for the telecoms, allowing them to use metadata to provide "additional services," such as sharing location data with cities or transportation companies to help plan new infrastructure. In cases like that, however, users would still need to consent to have their information shared.

The EC is also proposing to "streamline" the rules around when a site or service must alert the user that they are being cookied. While the EC claims their proposed changes will give individual users more control over their privacy settings, advertisers are arguing that the changes will actually add clutter to the web. According to the Interactive Advertising Bureau (whose members have an obvious incentive to cookie and track as many web users as possible), the new rules would "undeniably damage" their business model by forcing users to "more actively deal with constant requests for permission for the use of harmless cookies when visiting websites and using other digital services." However, certain "non-privacy intrusive" cookies -- like the ones that keep track of what's in your online shopping cart or monitor a site's web traffic -- won't require active consent.

Finally, as TechCrunch also notes, there are a few popular pieces of ePrivacy language missing from the proposed rules. One earlier proposal to turn off cookies in browsers by default was scrapped alongside a plan that would have allowed European citizens to bring class action lawsuits against companies that violate the privacy rules. At the time being, these are just proposals, and they still need to be debated and approved before they take effect, but the EC hopes to have everything finalized by May 2018.