sdecoret - stock.adobe.com
Over the past year, as businesses focused on the General Data Protection Regulation (GDPR), another transformational piece of privacy legislation quietly began to make waves across Europe: the forthcoming European ePrivacy Regulation (ePR). The ePR will replace the current ePrivacy Directive, which has been in place since 2002.
Providing further protection to individuals’ personal data and privacy, it will apply to all electronic communications service providers, including telecoms operators, as well as over-the-top (OTT) applications, and will supplement the recently enforced GDPR. The ePR will significantly affect how mobile networks are able to use data and, ultimately, the ability of Europe’s mobile operators to engage in data-driven innovation in the future.
As the European Council continues to debate the proposed ePR, we are entering a crucial phase of its development, which could have a long-lasting impact on the provision of digital services across Europe.
Harnessing the power of big data
Mobile operators are the backbone of the European digital economy and their networks have enabled the rise of connectivity across the region.
According to the GSMA Mobile Economy 2018 report, Europe has already achieved a unique subscriber penetration rate of 85%, and a mobile internet penetration rate of 72%. As mobile technologies, including 5G and the internet of things (IoT) evolve, mobile operators are focused on responsibly harnessing the power of data to stay at the forefront of Europe’s digital growth.
Mobile operators recognise the importance of the confidentiality of communications, and for years have adhered to stringent regulations to protect the interests of the public. The ePR’s continued focus on confidentiality is welcomed, but some aspects run the risk of having a negative effect on consumers and innovation if practical considerations on how data can be used are not more closely considered.
Helping deliver new benefits to society
The ePR will regulate the use of a major source of data for mobile operators – electronic communications metadata. This allows mobile networks to connect people to each other and to services, and includes the date, time, duration and type of communication (whether it is a call or SMS, but not the content of the communication); the source and destination of a communication; and the location of a device.
Jade Nester, GSMA
Metadata can be used in privacy-protective ways to develop innovative services that deliver new societal benefits, such as public transport improvements and traffic congestion management. In many cases, pseudonymisation can be applied to metadata to protect the privacy rights of individuals, while also delivering societal benefits.
Pseudonymisation of data means replacing any identifying characteristics of data with a pseudonym, or, in other words, a value which does not allow the data subject to be directly identified.
The processing of pseudonymised metadata can enable a wide range of smart city applications. For example, during a snow storm, city governments can work with mobile networks to notify connected car owners to remove their cars from a snowplough path. Using pseudonyms, the mobile network can notify owners to move their cars from a street identified by the city, without the city ever knowing the car owners’ identities.
In this way, significant gains can be realised in resource management without necessitating prior consent from each potentially concerned individual, which would be required under the proposed ePR.
Future-proofing regulation for 5G, connected cars and IoT
It is difficult to predict how technology, business models and consumer preferences will change in the coming years. That is why our industry cautioned against a short-sighted list of exceptions to the overarching ban on metadata processing in the ePR, exclusively based on the use cases and needs of today, not taking into account those of tomorrow.
It is encouraging to see that the amendments to the ePR proposed by the Austrian presidency (of the EU) include the principle of compatible further processing of communications metadata, in line with the GDPR, subject to binding safeguards such as pseudonymisation. This will grant electronic communications operators the possibility to re-use metadata and develop new offerings for European consumers and society, while holding them accountable according to a risk-based approach, as set out in the GDPR.
Learning from the GDPR
Mobile operators appreciate that EU member states have thoughtfully deliberated the ePR, and support the regulation’s underlying principle that unlawful interference with communications should be prohibited.
As EU member states continue to deliberate the ePR, embracing the principle of compatible further processing will help them meet the dual objectives of enabling innovative services for society while protecting the privacy and confidentiality of citizens.
Strong safeguards like pseudonymisation, and adherence to the key tenets of the GDPR, will guarantee that the fundamental rights to privacy and confidentiality are fully protected.
The data economy is global, and EU legislation should provide a regulatory environment that enables European operators to harness the full potential of data to compete globally.
GSMA supports the presidency of the EU in its endeavour to steer the ePR in the right direction and hope that member states will endorse the new orientation proposed in Article 6 to make the regulation truly fit for the digital age.