[gnso-rds-pdp-wg] "In vote on ePrivacy, EU civil liberties committee makes improvements for users’ rights"

[Greg Shatan]

Here is another piece of commentary on the committee vote on the proposed
ePrivacy Regulation, from a somewhat different perspective:
https://www.lexology.com/library/detail.aspx?g=acc01469-64a8-452e-ad57-f9953852a3a8

For context, the statement notes:

The vote was 31 votes in favor, 24 votes against and 1 abstention. The
outcome of the plenary of the European Parliament (in a vote which is
expected on October 26, 2017) is not clear and the negotiations with the
Member States in the Council have yet to begin.


This statement also reports on an independent study of the proposed
ePrivacy Regulation by Professor Niko Haerting of Haerting Rechtsanwaelte,
Berlin, and includes the study's key findings:


   - With the prohibition on “processing” communications data, the
   Regulation would be a serious obstacle to digital innovations in Europe and
   to the development of new beneficial services based on data use and machine
   learning. The prohibition on “processing” would constitute a substantial
   setback to the European digital economy.
   - Excessive consent requirements would lead to red tape and tick boxes,
   which are likely to irritate consumers. This will negatively impact their
   online experience.
   - Art. 5 of the Regulation introduces a new prohibition on the
   “processing” of communications data. However, it is exactly the
   “processing” of communications data that that the customer pays for (as
   opposed to “interception” or “surveillance”). The prohibition should be
   limited to interception and surveillance of messages.
   - With respect to metadata, it is unclear why IP addresses and other
   “online identifiers” clearly covered by the GDPR need to be regulated in
   the Regulation as well.
   - Art. 6 of the Regulation does not work for machine-to-machine
   communication, wearables, connected cars and the Internet of Things
   (“IoT”). In machine-to-machine-communication, raw data are transmitted that
   qualify neither as “content” nor metadata.
   - When customers use digital communications services (e.g., email,
   messenger), they will expect their messages to be stored by the provider.
   Moreover, they will expect to be in control when it comes to the erasure of
   messages. Therefore, the provider’s duty to erase content is against the
   user’s interests and contrary to the user’s expectations.
   - Given that “online identifiers” cookies are covered by the GDPR, it is
   unclear why additional provisions are needed in the Regulation.
   - Web analytics tools are, on the one hand, recognized as “legitimate
   and useful”. On the other hand, hardly any analytics tool will be covered
   by the exception from the consent requirement, because the exception is
   applicable only when a website operator is using his or her own analytics
   tool. This is contradictory.
   - Fingerprinting falls under the “cookie provision” of Art. 8 of the
   Regulation and requires consent. For the time being, it does not appear to
   be realistic to expect that there will soon be browser settings on the
   market that meet the requirements of consent for fingerprinting. There are
   presently no standards for such settings on the market, and the standards
   that can be found in the Regulation focus exclusively on cookies and
   neglect fingerprinting and other non-cookie tracking technologies.
   - WI-FI and Bluetooth tracking are prohibited by Art. 8 (2) of the
   Regulation and no consent exception is provided. This is not in line with
   the intention of making consent the “central legal ground” of the
   Regulation.
   - The obligation to display “prominent notices” limits the lawfulness of
   WI-FI and Bluetooth tracking to tools that monitor a building or a
   pre-defined area.
   - The over reliance on consent is based on false assumptions when it
   comes to legal persons. The Regulation aims at protecting privacy and
   extending such protection to legal persons. However, it is unclear whose
   consent is relevant.
   - Art. 10 of the Regulation obliges app providers to enable users to
   prevent the storing of “information.” However, it is such storage that
   often will be a fundamental function of the app. There is no reason why the
   provider of a messenger app should be obliged to enable his or her
   customers to prevent the storing of messages, pictures and voice files on
   their smartphones given that the receipt and (temporary) storage of content
   is the main purpose of the app.


On Fri, Oct 20, 2017 at 8:30 AM, Ayden Férdeline <icann at ferdeline.com>
wrote:

> Greetings, all-
>
> I found this statement
> <https://www.accessnow.org/vote-eprivacy-eu-civil-liberties-committee-makes-improvements-users-rights/>
> interesting, and thought others might too given recent comments on our list
> regarding the ePrivacy Directive. I have pasted the relevant text below
> (emphasis added).
>
> Best wishes, Ayden
> --
>
> *In vote on ePrivacy, EU civil liberties committee makes improvements for
> users’ rights *
> 19 OCTOBER 2017 | 5:28 AM
>
> Brussels, BE—Today, the Civil Liberties, Justice and Home Affairs
> Committee (LIBE) of the European Parliament *adopted its report on the
> ePrivacy Regulation which aims at strengthening users’ right to privacy and
> the confidentiality of communications. The committee has included new
> measures on privacy by default, safeguards the use of secure encryption
> technology, and improves corporate accountability* by requiring companies
> to publish yearly transparency reports. The committee however lacked
> ambition in developing protections against tracking.
>
> “This vote is an important step as we move toward adoption of a strong
> ePrivacy Regulation, with the capacity to secure human rights for millions
> of people,” said Estelle Massé, Senior Policy Analyst at Access Now.“While
> the report is not perfect, Access Now congratulates the LIBE committee for
> its *valuable and necessary work to protect the fundamental right to
> privacy in the digital age*.”
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171020/7bc5b4bd/attachment.html>