New European legislation ignites next data privacy battle

Called ePrivacy Regulation, the law specifically protects the confidentiality of electronic communications

The new European data privacy legislation is so stringent that it could kill off data-driven online services and chill innovations like driverless cars, tech industry groups warn.

The American Chamber of Commerce to the European Union called the legislation "overly strict." The Developers Alliance, a trade group representing Facebook, Google, Intel and dozens of app makers, said it could cost businesses in Europe more than 550 billion euros, or about $640 billion, in annual lost revenue. And DigitalEurope, another tech trade group, said the legislation's prohibitive approach "seriously undermines the development of Europe's digital economy."

These industry alarms are not over the General Data Protection Regulation, or G.D.P.R., a tough privacy law that went into effect in the European Union on Friday. Instead, the cause is an even stricter privacy law that's pending - the tech industry's next regulatory battleground in Europe.

It is called the ePrivacy Regulation, and it specifically protects the confidentiality of electronic communications. The law was approved by the European Parliament last fall and is under review by the Council of the European Union, a group of government officials representing the 28 member countries. Bloc officials had originally intended for the law to go into effect this month, but Council negotiations have been slowed by internal disagreements.

If the current draft prevails, the law will require Skype, WhatsApp, iMessage, video games with player messaging and other electronic services that allow private interactions to obtain people's explicit permission before placing tracking codes on users' devices  or collecting data about their communications.

Industry and consumer advocates are essentially fighting over a contentious issue central to the post-Cambridge Analytica online economy: whether data-driven digital services represent more of a boon to consumers or the kind of surveillance that can threaten democracy.

"With one click you can manipulate hundreds of thousands or millions of people, whether you know their names or not," said Birgit Sippel, a European Parliament member from Germany who drafted the ePrivacy legislation. "That is why protecting privacy is becoming more important, especially in the digital environment."

"Do you really want that app to use your metadata? Do you really want them to read your content on a dating app?" Ms. Sippel asked. "Consumers need to get back control over what is happening with their lives and their data."

But tech industry groups and their supporters argue that ePrivacy's consent requirement and other provisions are so onerous that they would hinder innovations like smart cars, which automatically transmit safety information back to the manufacturer. And requiring companies to provide equal communications services to people who opt out of data mining, they say, could cause sites or apps that rely on data-driven advertising to start charging fees or close down.

"Europe will become a digital backwater," said Daniel Dalton, a member of the European Parliament from Britain. Mr. Dalton, who pushed for amendments on the ePrivacy bill, said he had met with Google, Microsoft, video game companies and trade groups to discuss their objections to the legislation.

"Every stakeholder I have talked to from industry, from all sizes from the very biggest to the very smallest businesses, are unanimously opposed to this," he said. 

Tech companies and trade groups have waged a furious, multipronged lobbying campaign to shut down, or at least weaken, the legislation.
 

Cisco, Facebook, Google, among others, have all lobbied officials at the European Commission about ePrivacy, according to a lobbying database created by Transparency International EU, a nonprofit research group in Brussels.

©2018 The New York Times New Service