European Commission proposes "high level" GDPR data tracking rules - WhatsApp, Facebook, Skype to be affected

Protection for users to restrict advertising potential for email and messaging services

The European Commission has proposed tougher, "high level" privacy rules for electronic communications, with a focus on restricting the advertising tracking powers of popular services such as WhatsApp, Facebook, Skype and Gmail.

The measures were presented yesterday under the title of Regulation on Privacy and Electronic Communications, and aim to "reinforce trust and security in the Digital Single Market", while bringing standards in line with the incoming GDPR legislation.

First Vice-President Frans Timmermans said the proposals "will complete the EU data protection framework", ensuring "the privacy of electronic communications is protected by up to date and effective rules, and that European institutions will apply the same high standards that [the EU] expect[s] from… Member States".

The Regulation proposals name WhatsApp, Facebook Messenger, Skype, Gmail, iMessage and Viber specifically as examples of "electronic communications services" that the privacy rules will cover in order to "increase the protection of people's private life". The current ePrivacy Directive, the EU states, "only applies to traditional telecoms operators".

Other proposals include "stronger rules" on making all people and businesses equally protecting in electronic communications, as well as a focus on protecting metadata "derived from electronic communications" with "time of a call and location" cited as an example of this.

"Both have a high privacy component and, under the proposed rules, will need to be anonymised or deleted if users have not given their consent, unless the data is required for instance for billing purposes" the proposal states.

Other ideas include "new business opportunities" for telcos based on obtaining proper consent from customers to use communications data, which could lead to "additional services" such as user heat maps, which could assist public and transport authorities with infrastructure projects.

Spam protection and simpler, more "streamlined" tracking cookie consent requests on websites are also mooted.

The proposals contain an interesting number of considerations for the current way many communications firms conduct business. Google is infamous for mining consumer Gmail accounts for marketing and tracking data, while Facebook is commonly believed to have launched the Facebook Messenger app specifically for this purpose too, now disallowing the use of the website's built-in messenging ability when using Facebook on a mobile phone.

Clearly these revenue streams are important to such companies at the moment.

The level of protection being introduced for every end user may also be another interesting piece of discourse as the UK government continues - allegedly - to work on a Brexit pla while the IT industry ponders its own future. With UK laws now introduced to force telcos to hold some of the kind of data the new EU regulations plan to force companies to anonymise or delete, it's possible an interesting window of crossover could emerge between current UK laws and proposed EU laws, with potential Brexit legislation decisions pulled into the mix.