The European Commission’s proposal on harmonising electronic communications services across the EU will unduly limit internet freedom, says the European Data Protection Supervisor (EDPS). In his Opinion, the EDPS welcomes the inclusion of the principle of net neutrality – the impartial transmission of information on the internet – in the text, but also said that it is devoid of substance because of the almost unlimited right of providers to manage internet traffic.
Peter Hustinx, EDPS, says: “Any monitoring and restriction of the internet activity of users should be done solely to achieve a targeted, specific and legitimate aim. The large-scale monitoring and restriction of users’ internet communications in this proposal is contrary to EU data protection legislation as well as the EU Charter of Fundamental Rights. Such interference with the rights to personal data protection, confidentiality of communications and privacy will do little to restore consumer confidence in the electronic communications market in Europe.”
The proposal promotes traffic management measures which allow the monitoring of users’ internet communications, including emails sent or received, websites visited and files downloaded in order to filter, slow down or restrict access to illegal services or content.
The EDPS cautioned against the use of these highly privacy intrusive measures under the broad umbrella of crime prevention or to filter content illegal under national or EU law as it is not compatible with the principle of an open internet.
Confidence in our digital environment in the years ahead depends on our capacity to provide legal and technical infrastructures that can generate and preserve trust in the Digital Society. This confidence has already been seriously undermined by various surveillance scandals recently.
To re-build consumer confidence in the electronic communications market in the EU, users need to be certain that their rights to privacy, confidentiality of their communications and protection of their personal information are respected. The EDPS urges the Commission to outline more precise reasons for which traffic management measures can be applied. Any interference with their rights must be clearly communicated to users, allowing them to switch to those providers that apply less privacy-invasive traffic management techniques in their services.
Furthermore, the EDPS says that the supervision of any application of traffic management measures by providers should include a greater role for national data protection authorities to ensure that the privacy and data protection rights of users are fully respected.
On 11 September 2013, the European Commission adopted a Proposal for a Regulation laying down measures concerning the European single market for electronic communications and to achieve a Connected Continent. Among other measures, the Proposal eases the requirements for communications providers to offer services across the EU, standardises the features of products allowing virtual access to fixed networks and harmonises the rights of end-users, such as those relating to the open Internet, as well as contractual and pre-contractual information. The EDPS Opinion focuses mainly on the effect that the Proposal may have on end-users’ rights from a privacy and data protection perspective.
Privacy and data protection are fundamental rights in the EU. Data protection is a fundamental right, protected by European law and enshrined in Article 8 of the Charter of Fundamental Rights of the European Union.
More specifically, the rules for data protection in the EU – as well as the duties of the EDPS – are set out in Regulation (EC) No 45/2001. One of the duties of the EDPS is to advise the European Commission, the European Parliament and the Council on proposals for new legislation and a wide range of other issues that have an impact on data protection. Furthermore, EU institutions and bodies processing personal data presenting specific risks to the rights and freedoms of individuals (‘data subjects’) are subject to prior-checking by the EDPS.
Personal information or data: Any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details such as IP addresses and communications content – related to or provided by end-users of communications services – are also considered as personal data.
Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).
Net neutrality: Net neutrality refers to the principle that internet service providers or governments should not restrict or interfere with users’ access to the internet. Instead they should enable access to all content and applications regardless of the source, user, content, site, platform, application, type of attached equipment and modes of communication.
Internet/online traffic: Internet traffic is the flow of data across the internet, in other words the usage of the internet at any given time, such as accessing a web page.
Internet traffic management: Traffic may be blocked or filtered by internet service providers, for example, to restrict employees from accessing content that is not deemed to be work appropriate, to restrict access to objectionable content or services, to downgrade access in case of congestion, and to prevent or to respond to security attacks.
The European Data Protection Supervisor (EDPS) is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies.