Submissions from Facebook and Vodafone Group highlight stark differences of opinion about the European Commission’s review of its e-privacy directive.
The social network giant said it would be “fundamentally incorrect” to apply the same obligations to internet firms as currently rest on operators. Extending the directive to include such players would be “unnecessary, discriminatory and disproportionate”, it argued.
But in its submission Vodafone laid out the counter view: “In our view security obligations, confidentiality of communications and obligations on traffic and location data should apply equally to all forms of service provider whether a traditional telecoms operator or an over the top service provider.”
The European Commission opened a consultation on reforming the e-privacy directive in April this year. The rules govern the processing of personal data and the approach towards privacy of operators and ISPs.
The directive was last updated in 2009. Earlier this month, there were reports of a leaked document showing the EC was planning to take a harder line on regulating internet and messaging firms. However, this was likely an early draft.
In addition to Facebook and Vodafone, the review attracted comments from a wide array of players, including BT, Deutsche Telekom, Orange, Telenor, Telia, Telecom Italia, as well as Google and Microsoft among others.
There has been growing pressure, led by operators, to extend rules to the likes of Facebook, and so create a more level playing field. Unsurprisingly, the social network giant and its peers are pushing back against this pressure.
Facebook gives examples of why it would be unfair to extend the rules. It argues it is unclear what steps would be needed for it to present or restrict information on consumers of online services, such as messaging, and how much it would cost. Facebook owns popular messaging app WhatsApp.
Operators currently have that obligation.
Another example would be the requirement to provide automatic call forwarding and directories of subscribers, which “hardly fit the services provided by online service providers”, said Facebook.
In addition, the company argued it could not be expected to comply with an obligation to anonymise or delete user data, since it does not control the underlying network infrastructure where location and traffic data reside.
Crucially, Facebook claims there is “no regulatory gap” as online services are included in the GDPR (General Data Protection Regulation).
Here at least there appeared harmony with some telco opponents. Despite arguing in a questionnaire that messaging firms should face security, confidentiality and data obligations the same as operators, BT said some of its answers were made “without prejudice to our overriding view that sector specific rules on protection of personal data are redundant in the light of GDPR”.
In addition to giving supplementary opinions, respondents also filled in a questionnaire of 33 questions about their attitude to the e-privacy directive.
The deadline for submissions was 5 July and the EC published responses, including Facebook’s, earlier in August.