EU member states are at odds with the European Commission (EC) over an extension to privacy legislation for communications providers, with some countries pushing for less restrictions when analysing users’ data.

A draft report, which provided an update on the EC’s proposal to extend a current ePrivacy directive, first proposed in January, indicated a number of issues will need to ironed out before the bill is passed into law, with many calling for softer regulation.

The EC outlined a proposal in January to extend the scope of the existing ePrivacy directive – which currently only applies to telecoms operators – to any provider of communications services.

In effect, the change in law means players like Facebook, Google and other messaging app providers would face tougher privacy legislation over handling customer messages, calls and data in the EU.

This would fall in line with the same regulations as telecoms providers, and the proposed changes would restrict companies from recording information such as the location of the user or the time of the messages, with the exception of retaining information for billing purposes, and to ensure communications are secure

Consent
However, according to a draft report of the rules, several countries want the bill to give companies more flexibility.

A number of member states also want the ePrivacy bill to be more closely aligned to the EU’s broader data protection regulation, which cover “legal grounds for processing of personal data”, and will go into law in 2018.

These include having a legitimate interest in the data, as well as cases where customers give companies their consent to use the data in question.

“Some delegations are concerned about differences between the new provision and the current directive, and some consider the provision too broad and general,” the draft report revealed.

“On the other hand, a number of delegations consider the provision on permitted processing to be too restrictive and ask for more flexibility.”

The report added a number of issues will also have to be addressed regarding “machine-to-machine communications”.

There are questions over how the new regulation might affect the way companies process data collected by machines and devices which are always interconnected.