New technological developments, including the spread of internet-based communications services, call for a modernisation of the ePrivacy rules, currently covering only traditional telecoms providers. In particular, today's rules do not apply to providers of the popular internet-based voice and messaging services – also known as "over-the-top" services – which are used by Europeans instead of, or in addition to, their mobile phones or fixed connections.
Eurobarometer: call for a high level of privacy protection
A large majority of the 27,000 respondents to the Eurobarometer survey say that the privacy of their personal information, their online communications and their online behaviour is very important. In particular:
- More than seven in ten (72%) state that it is very important that the confidentiality of their e-mails and online instant messaging is guaranteed.
- More than seven in ten respondents (71%) think it is not acceptable for companies to share information about them without their permission, even if it helps companies to provide new services they might like.
- Almost eight in ten say (78%) it is very important that personal information on their computer, smartphone or tablet can only be accessed with their permission.
- Almost two thirds of respondents (64%) say it is unacceptable to have their online activities monitored in exchange for unrestricted access to a certain website, while four in ten (40%) avoid certain websites because they are worried their online activities would be monitored.
- Almost nine in ten respondents (89%) agree with the proposal that the default settings of their browser should stop their information from being shared.
- Nine in ten agree they should be able to encrypt their messages and calls, so they can only be read by the recipient (90%).
- More than six in ten (61%) say they receive too many unsolicited commercial calls. An almost similar number (59%) would like commercial calls to be displayed with a special prefix.
Public consultation: a mixed picture
The European Commission also ran a public consultation between 12 April and 5 July on the review of the ePrivacy Directive. 421 replies were received from citizens, consumer and civil society associations, industry actors and public authorities – such as government and national enforcement authorities of the ePrivacy Directive. The key findings of the consultation are:
- 83% of citizens, consumer and civil society organisations responding to the consultation consider it relevant to have specific ePrivacy rules for the electronic communications sector on confidentiality, while 63% of industry respondents do not see this added-value.
- 76% of citizens, consumer and civil society organisations consider that the ePrivacy Directive has been ineffective in achieving its objective of ensuring full protection of privacy and confidentiality of communications across the EU. One of the reasons cited is the limited scope of application of the ePrivacy Directive, excluding over-the-top service providers. On the other hand 57% of industry believes the Directive has achieved this objective.
- 76% of citizens, consumer and civil society organisations and 93% of public authorities believe the rules should (in part) be broadened to cover over-the-top service providers. On the contrary, industry is more divided as 42% do not want the scope to be broadened while 36% do.
The results of the Eurobarometer on ePrivacy and of the public consultation will feed into the review of the ePrivacy Directive which the Commission will unveil in the beginning of 2017. The aim is to adapt current rules to the new General Data Protection Regulation (GDPR) and to ensure a high level of privacy and confidentiality for users. The intention is to broaden the possibilities for communications providers to process communications data, but only with the agreement of users in the spirit of the GDPR. While the scope of the Directive currently applies to providers such as traditional telecoms companies, another key objective of the review is to include internet-based voice and messaging services. The proposal will also simplify the provisions for cookies giving more choice to users.
Since 2002, the ePrivacy Directive has protected European citizens and companies, harmonising rules to guarantee confidentiality of communications and protecting information on their smart devices. The same legislation bans unsolicited communications by emails ("spam"), SMS or fixed or mobile phones without users' consent.
The European Commission has gathered stakeholders' views through two surveys:
- A Eurobarometer survey on ePrivacy focused on collecting citizens' views conducted in July 2016. Around 27,000 citizens from different social and demographic groups were interviewed throughout the EU via phone on questions related to the protection of their privacy.
- A public consultation on the evaluation and review of the current ePrivacy Directive open to all stakeholders open from 12 April until 5 July 2016. The consultation received 421 replies from stakeholders in all Member States and outside the EU. These included 162 replies from citizens; 186 contributions from industry actors; 40 public authorities, including competent authorities which enforce the ePrivacy Directive at national level; 33 contributions from civil society associations. A summary report with preliminary findings was published on 4 August 2016. The full synopsis report is available now