Web privacy and regulation: what’s changing

The EU is currently discussing the Regulations regarding electronic communications and private life (regulations regarding web privacy designed to maximise the protection of user data) and the GDPR (European Union General Data Protection Regulation).

The first matter dealt with regards cookies. At present, anyone browsing the net can enter a site only after accepting the use of cookies by the site manager, whereas in future the visitor could have free access without giving any such consent.

This will only be possible if the browsers allow users to regulate their own tracking (in which case we wonder if web users will or will not be able to decide independently what level of protection to set).

The latest developments regarding web privacy, in addition to the subject of browsers, also include the processes of data transmission and (as a result) communication between various devices: the aim is to allow the machines to transmit data only after having obtained the authorisation of the web user.

Another option that is currently being discussed is the introduction of end-to-end cryptography (which would make every transmission of information inaccessible to governments) and changes in tele-marketing (obliging those making calls for marketing purposes either to make their number visible or use an identification code).

While the ePrivacy Regulation forms a lex specialis, the GDPR is a lex generalis. That means that the general Regulation is the starting point for ePrivacy regulation, which is limited to specifying certain points and only involves the web sphere.

In the GDPR (which should officially come into force in May 2018) penalties for transgressors are also established. Such offenders will be liable to pay up to a maximum of 4% of their annual turnover.

The European Guarantor Giovanni Buttarelli has also spoken about web privacy and has explained how users, who nowadays are more or less forced into giving their consent to the processing of their data, ought be able to choose which browser settings to use for their own privacy.

Buttarelli maintains that it is absurd that someone accessing a web portal without making any purchases should be obliged to leave some of their own details there. This phenomenon of course, does not happen in traditional bricks and mortar shops.

On the subject of personal data used by Facebook without consent, the European guarantor has expressed his perplexities and incredulity. This incredulity stems above all from the fact that he cannot understand how a colossus such as Facebook could underestimate the impact of its actions on its users.

Buttarelli also illustrated how the request for the use of personal data is interpreted in the GDPR and in the Regulations on web privacy. This consent, as well as being irrevocable, must also be linked to the right to the portability of data. The user’s non-acceptance will not block the provision of the service.

In addition, the Guarantor expressed his optimism that the new rules will not only have an effect at European level, but will also be successful in bringing changes to the approach of more and more nations worldwide.

The example mentioned is that of Japan, which despite having less severe restrictions on privacy until recently, has since January last year, introduced some changes which are more in line with those now being implemented in the Old Continent.

That brings us to the end of our summary of the latest news on the question of web privacy:  important developments which could lead to major changes in current habits and mechanisms.

Translated by Joanne Beckwith