Likes of WhatsApp, Facebook, Skype, Gmail will have to guarantee that their services are confidential.
The European Commission this week took its first concrete steps to subjecting OTT service providers to the same privacy regulations as traditional telcos.
Issued on Tuesday, a proposed revision to the ePrivacy Directive would require the likes of WhatsApp, Facebook, Skype, and Gmail to apply the same principles of confidentiality to emails, messages, and conversations that operators are required to when it comes to their services.
"Our proposals will deliver the trust in the Digital Single Market (DSM) that people expect. I want to ensure confidentiality of electronic communications and privacy. Our draft ePrivacy Regulation strikes the right balance: it provides a high level of protection for consumers, while allowing businesses to innovate," said Andrus Ansip, the Commission’s vice president for the DSM, in a statement.
OTTs would have to get explicit permission from their users before being allowed to monitor their activity and harvest the data, which could spell trouble for ad-funded services that rely on building the most detailed picture possible of their users for the purposes of targeted marketing.
For telcos though, it represents an opportunity to gain consent to monetise customer data by selling it to advertisers.
However, far from being thrilled with the proposals, telco lobby groups ETNO and the GSMA said the General Data Protection Regulation (GDPR), approved last April, already provides sufficient protection to consumers.
"Restrictive ePrivacy rules would result in unfair double regulation of one sector compared to others," ETNO and the GSMA said, in a joint statement.
They also warned that emerging sectors like the Internet of Things (IoT) and upcoming 5G services may need to collect and process data constantly in order to function, and therefore "a trust-based use of the data collected by telecom operators" is what’s needed.
"Both consumers and the industry need simple and clear rules instead of a double regime with blurred boundaries," ETNO and the GSMA said.
In addition, the proposals also seek to simplify rules governing cookie consent. The Commission said Internet users are overloaded with cookie consent requests, and so going forward, Websites would not have to seek permission for non-privacy intrusive cookies, such as those used to count the number of visitors, or remember the contents of a shopping cart, for example.
The Commission is aiming for the revised ePrivacy Directive to be adopted by 25 May to coincide with the GDPR coming into force.