Facebook, Microsoft, Google and other messaging app providers face tougher privacy legislation in the European Union (EU) should an extension to current laws be approved by the European Parliament.

The European Commission (EC) yesterday outlined a proposal to extend the scope of an existing ePrivacy directive – which currently only applies to telecoms operators – to any provider of electronic communication services.

Under the proposal, which also includes updating some of the original ePrivacy rules, messaging providers would face stricter regulations on the handling of customer messages, calls and data including the anonymisation or deletion of any data related to the communication unless the consumer consents.

The proposed changes mean companies would be unable to record information such as the location of the user or the time of the messages, with the exception of retaining information for billing purposes.

In a statement the EU said companies would be able to develop “new business opportunities” to take advantage of data derived from customers, but these would rely completely on gaining consumers’ consent first.

The use of data by messaging companies aroused the interest of the EU several times in recent months. In October it issued a warning to WhatsApp and Yahoo on data protection, and in December the Commission accused Facebook of making misleading statements during its acquisition of WhatsApp regarding how it would use customer information.

Andrus Ansip (pictured), EC VP for the Digital Single Market, said: “Our proposals will deliver the trust in the Digital Single Market that people expect. I want to ensure confidentiality of electronic communications and privacy. Our draft ePrivacy Regulation strikes the right balance: it provides a high level of protection for consumers, while allowing businesses to innovate.”

The proposal will now go to the European Parliament for debate. The EC aims to have the new rules in place by 25 May 2018.