Position paper on the European Commission proposal for a ePRIVACY REGULATION

Position paper on the European Commission proposal for a ePRIVACY REGULATION
19/06/2017 Muriel Hirschfeld

Download PDF file: Position paper on the European Commission proposal for a ePRIVACY REGULATION

Cable operators are at the forefront of innovation in the telecoms and the audiovisual spaces. Cable networks go into the home of 63.7 million customers in the European Union, providing digital TV, broadband internet, and telephony services. Cable Europe’s members are confronted with different layers of EU rules pertaining to these converged activities, namely the electronic communications regulatory framework, the electronic commerce rules, the audiovisual media framework, the general rules on data protection (GDPR), as well as sector-specific privacy rules. There is some overlap between these instruments and the European Commission’s proposed ePrivacy regulation does not contribute to make things clearer.

Since its adoption in 2002, the ePrivacy Directive has shown that sector specific regulation in this area is difficult to achieve. Despite applying to traditional telcos, the current directive also includes provisions applicable to website operators, i.e. on virtually every business running a website. Fifteen years on, the Commission continues widening the scope of the existing rules (to OTTs) but does not provide the necessary safeguards for an effective level-playing field. In the view of our members, sector-specific regulation, should equally apply to all market players who provide similar services, contrary to the current approach which over focuses on electronic communications service providers. In connection with this, it is necessary to ensure that the future framework, which will be directly applicable at national level, is as clear and unambiguous as possible.

Cable Europe highlights the following points.

SCOPE

The Commission’s proposal brings OTT providers partially into its scope to reflect market reality based on the definition of ‘electronic communication services’ (ECS) as set forth by the draft Electronic Communications Code and on the need to ensure a level-playing field i.e. similar rules for similar services. At first sight, this is a positive development, but the end-result is however potentially harmful for telecoms operators, given the lack of clarity as regards to the exact scope of the Commission’s draft.

The following examples illustrate the need for clarity.

Similar rules for similar services

The Commission’s proposal leaves untouched the language of the 2002 directive as regards the processing of electronic communications data carried out “in connection with” the provision and the use of ECS. Cable Europe fears that this language could pose an obstacle to the desired aim of achieving a level –playing field as virtually all services provided by ECS operators, including cable, will always be considered as provided “in connection” with ECS. In other words, services provided by electronic communications network providers, should not be disadvantaged in relation to similar OTT services offered on the open internet which may not be captured by the future rules. In particular, electronic communications network providers should not be disadvantaged in relation to OTT services because they own or operate an electronic communications network.

A practical example: according to the Commission, GPS – satellite- data (so-called “GPS triangulating”, typically, Google Maps) falls outside the scope of the proposal and only telecoms metadata (ie. traffic data) is covered. For the sake of consistency, the regulation should also make clear that services offered by telcos that are based on GPS triangulating also fall outside the scope of the regulation, or at least that such services will not “automatically” be considered as services provided “in connection with” an ECS.

Viewing data

Clarity on the regulatory treatment of viewing data, originating both from linear and non-linear viewing, is particularly important for cable operators given evolving business models that drive the development of innovative products, including the use of targeted advertising.

At present, the national legal frameworks resulting from the implementation of the ePrivacy Directive contain differing solutions regarding the extent to which viewing data falls within the scope of the national implementing laws.

The new regulation risks disrupting established practices and business models in the Member States by not providing a consistent set of clear rules.

The proposed ECS definition as set forth in the draft electronic communications code includes services consisting “wholly or mainly in the conveyance of signals such as transmission services used for (…) broadcasting” and excludes “services providing, or exercising editorial control over, content transmitted using electronic communications networks and services”. If conveyance of TV signals falls within the scope of the definition, in our view, the provision of broadcasting content and Video-on-Demand (VOD) therefore falls outside the scope of the draft Code and hence outside the scope of the ePrivacy proposed rules (without prejudice to the application of the GDPR). Furthermore, in our view, viewing data is not electronic communications data within the meaning of the ePrivacy draft. On one hand, viewing data is not electronic communications content as it is does not refer to content exchanged between end-users. On the other hand, viewing data is not electronic communications metadata as it does not relate to data processed for the purposes of transmitting, distributing or exchanging electronic communications content.

However, despite the above, the situation remains unclear, in particular, having in mind that the Commission’s approach focuses on electronic communications service providers. Again, Cable Europe stresses that European cable distributors should not be disadvantaged compared to other (global) market players, such as Netflix, who provide similar services (namely, VOD) and which clearly are not covered by the Commission’s draft.

CONSENT

Cable Europe would like to draw the attention to the illusion of over-reliance on consent as the sole means to legitimately process metadata and/or content data – in contrast with the GDPR. Moreover, given the cases where such data may be processed are formulated as exceptions to a general prohibition and given that the “legitimate interests” of the controller are not considered as a lawful ground for processing, there should be more exceptions to consent in order to cater for situations where there is no negative impact on the privacy of end-users. This is the case, for example, of processing that is necessary for improving quality of service, for network planning, or for detecting and stopping fraud. The need for a limited relaxation of the consent requirement has been acknowledged by the Article 29 Working Party (Opinion 1/2017) and by the European Data Protection Supervisor (Opinion 6/2017). Both consider that the regulation should not prevent national legislators from providing additional, limited and specific exceptions to the ePrivacy Regulation, for example to protect the ‘vital interests’ of individuals in accordance with the GDPR. In our view, a number of exceptions could therefore be added to the current draft of the ePrivacy regulation and Member States should also have the possibility to set forth specific exceptions.

Cable Europe also considers that the future rules should leave room for an opt-out system for customers similar to the current provision of the ePrivacy Directive on unsolicited communications. We believe that an effective and well functioning opt-out system is more empowering for end-users than an opt-in requirement which often has limited value, as has been demonstrated in the case of cookies. This would be particularly important if viewing data were to fall within the scope of the regulation (see above), as the consumption of cable products does not typically involve the use of web browsers as user interfaces and therefore it is unclear to what extent cable operators would be able to apply the proposed rules around web browsers settings to obtain end-users’ consent in a centralised and sensible manner.

TIMING

According to the Commission’s draft, the regulation should apply from May 25, 2018, i.e. the same date as the GDPR. We understand the Commission’s aim to synchronize the applicability of the GDPR and of the ePrivacy Regulation in order to ensure full consistency between both instruments. This would be to the benefit of end-users and businesses overall. At the same time, we also consider that it is important not to rush this regulation through Parliament and Council and that sufficient time is needed to adopt good quality legislation. We also consider that should the proposed deadline remain, the regulation should grant a reasonable grace period in order to allow for companies to adapt to the new rules.

 

***

About Cable Europe

Cable Europe is the trade association that connects leading broadband cable TV operators and their national trade associations throughout the European Union. The regulatory and public policy activities of Cable Europe aim to promote and defend the industry’s policies and business interests at European and international level. The European cable industry provides high speed broadband internet, TV services, and telephony into the home of 64.5 million customers the European Union.

 

This paper represents the views of the full members of Cable Europe, and not necessarily those of our associate members, partners or affiliates.