WhatsApp, Skype face tighter constraints under new EU privacy rules - draft

BRUSSELS (Reuters) - Messaging services such as Microsoft's MSFT.O Skype and Facebook's FB.O WhatsApp face stricter rules on the way they handle customer data under new privacy laws due to be proposed by the European Union, according to a draft document seen by Reuters.

A picture illustration shows Whatsapp's logo reflected in a person's eye, in central Bosnian town of Zenica, March 13, 2015. Picture taken March 13, 2015. REUTERS/Dado Ruvic

The EU executive wants to extend some rules that now only apply to telecom operators to web companies offering calls and messages using the internet, known as “Over-The-Top” (OTT) services, according to the draft.

Web services will have to guarantee the confidentiality of communications and obtain users’ consent to process their location data, mirroring similar provisions included in a separate data protection law due to come into force in 2018.

Online advertisers will also face strict rules on how they can target ads at web users based on their browsing history.

Telecoms companies have long complained that groups such as Alphabet Inc's GOOGL.O Google, Microsoft and Facebook are more lightly regulated, even though they offer similar services.

The phone companies have called for European Union rules specific to telecoms firms – known as the e-privacy directive - either to be repealed or extended to everyone.

“If Europe wants a Silicon Valley, it needs radical regulatory simplification. We won’t get new digital services unless we overhaul e-Privacy,” Lise Fuhr, director general of ETNO, the European telecoms operators association, said.

The draft proposals would prohibit the automatic processing of people’s data without their consent. Advertisers say such automatic processing is low risk as it involves data that can not identify the user.

Fines for breaking the new law will be steep at up to 4 percent of a company’s global turnover.

A Commission spokeswoman declined to comment on the draft but said the aim of the review was to adapt the rules to the data protection regulation which will come into force in 2018 and simplify the provisions for cookies.

Cookies are placed on web surfers’ computers and contain bits of information about the user, such as what other sites they have visited or where they are logging in from. They are widely used by companies to deliver targeted ads to users.

Telecom companies, barred by current rules from using customer data to provide additional services and make more money, will be able to use customer data with their consent, according to the proposal.

It would also remove the obligation on websites to ask visitors for permission to place cookies on their browsers via a banner if the user has already consented through the privacy settings of the web browser.

“If browsers are equipped with such functionality, websites that want to set cookies for behavioural advertising purposes may not need to put in place banners requesting their consent insofar as users may provide their consent by selecting the right settings in their browser,” the draft said.

Many have questioned the effectiveness of such cookie banners which appear every time a user lands on a website because people tend to accept them without necessarily reading what that entails.

“While such banners serve to empower users, at the same time, they may cause irritation because users are forced to read the notices and click on the boxes, thus impairing internet browsing experience,” the draft said.

The proposal is set to be unveiled in January and may still undergo changes.

Editing by David Clarke and Jane Merriman