Same service, but different rules?

In 1997, when the first e-Privacy Directive was adopted in the EU, specific Data Protection rules for telecommunications operators may have been justified. But today, with such a broad range of online service companies collecting and processing even larger volumes of personal data, there can be no justification for such an approach.

Equally meaningless are the obligations established especially for telecommunications operators in the Data Retention Directive or in the Data Breaches Notification Regulation. These lead to significant competitive disadvantage when compared to online service providers.

The different use of data by different kinds of companies is based on regulatory asymmetries: telecommunications providers cannot use the information contained within text messages, yet the contents of a web email and instant messages are routinely used by other ICT companies to target advertising. This is not only confusing for customers but also not justifiable from a legal perspective.

Against the background of global convergence and competition, the co-existence of all these various sector-specific rules with the future General Data Protection Regulation (GDPR) of the EU would be incompatible with the principle of sector and technological neutrality. The result would be negative for both businesses and consumers, as consumers would face inconsistent privacy experiences for functionally equivalent services. They would need to understand whether the service was being provided by a telecom operator or an online service provider in order to assess the degree to which their data is protected.

The on-going review of the EU Data Protection legal framework is a unique opportunity to achieve a true level playing field and apply technological neutral principles to all stakeholders. In the current converged World, the distortions between sectors are not justifiable and should be removed in order to enable sustained growth across the Digital Ecosystem. The best option for consumers would be to include the principle of confi dentiality of communications within the general Data Protection legislation, thereby removing any need for the e-Privacy Directive.