New laws and regulations will be introduced by the European Commission (EC) later this year with the intention of increasing levels of consumer security and privacy.
The measures to be presented will extend its scope to all electronic communication providers. They’ll also aim to create new possibilities for processing communication data, and reinforce trust and security in the Digital Single Market – a key objective of the Digital Single Market strategy, according to the European Commission.
At the same time, the proposal sets to align the rules for electronic communications with the new standards of the EU's General Data Protection Regulation. The EC is also proposing new rules to ensure that when personal data are handled by EU institutions and bodies privacy is protected in the same way as it is in Member States under the General Data Protection Regulation, as well as setting out a strategic approach to the issues concerning international transfers of personal data.
"Our proposals will complete the EU data protection framework. They will ensure that the privacy of electronic communications is protected by up to date and effective rules, and that European institutions will apply the same high standards that we expect from our Member States," explains the EC's First Vice-President Frans Timmermans.
These regulations are proposed with the intention to improve and strengthen consumer trust in the digital economy, and make it more convenient for EU and UK businesses to continue activity. Protected data will allow businesses to transmit data internationally with more confidence, and develop a stronger level of protection for businesses both inside the EU and on the international exchange. A data subject’s consent to the processing of their personal data must be as easy to withdraw as to give consent. Consent must be “explicit” for sensitive data. These legislations will come into effect in May 2018.
“The expanded territorial reach of the General Data Protection Regulation (GDPR) will offer a more balanced treatment between EU and non-EU data controllers,” states Ahmed Baladi, Partner at Allen & Overy.
The new regulations will bring better online protection to both businesses and people’s private lives, and is expected to open up new opportunities for businesses and banks globally. Nowadays, sharing information has become all too much of a commonplace for consumers. Consumers share personal information, as well as personal data, with smartphones and digitally at a much increased volume than before. In a technology-driven world, businesses go further than just seeking to acquire a name and address, they can pinpoint personal data from one sign-up or submission. The new implication of these regulations will give authority to users who request to see what information is being held about them.
“Many companies are re-examining their processes and procedures now in order to ensure compliance," states Nigel Parker, Partner at Allen & Overy, in a recent report.
The EU Commission states the following, giving insight about the new regulations and how it will be effective:
- New players: 92% of Europeans say it is important that their emails and online messages remain confidential. Privacy rules will now also cover new providers of electronic communications services, such as WhatsApp, Facebook Messenger, Skype, Gmail, iMessage, or Viber.
- Stronger rules: By updating the current Directive with a directly applicable Regulation, all people and businesses in the EU will enjoy the same level of protection for their electronic communications. Businesses will also benefit from one single set of rules across the EU.
- New business opportunities: Once consent is given for communications data, both content and/or metadata, to be processed, traditional telecoms operators will have more opportunities to use data and provide additional services. For example, they could produce heat maps indicating the presence of individuals to help public authorities and transport companies when developing new infrastructure projects.
- Protection against spam: Today's proposal bans unsolicited electronic communication by any means, e.g. by emails, SMS and in principle also by phone calls if users have not given their consent. Member States may opt for a solution that gives consumers the right to object to the reception of voice-to-voice marketing calls, for example by registering their number on a do-not-call list.
- More effective enforcement: The enforcement of the confidentiality rules in the Regulation will be the responsibility of national data protection authorities.
An increased level of personal information and company data is available in the digital space than ever before, which gives cyber hackers much greater potential and advantage of access to personal information if protection services aren’t implemented properly.
“As companies – alongside customers and governments – do more business online than ever before, they not only enjoy the benefits of the digital world, but they also are exposed to its threats. Aside from high-profile breaches covered in the media – from Targets to Sony – organisations are actually under constant attack,” states Philip Pettinato, speaking to bobsguide about cyber security.
Furthermore, according to a report by PwC Global, cyber-crime has now taken the spot of the second most reported crime, with 32 per cent of organisations affected, and a further 34 per cent believed to be affected in the upcoming two years. The new proposed regulation should assist in protecting sensitive information processed by businesses, and act as a greater firewall built to protect sensitive information.