21st Mar 2018

Column / Brussels Bytes

EU e-privacy proposal risks breaking 'Internet of Things'

  • The 'Internet of Things' is linking traditional online devices - such as computers and smartphones - to everyday items such as fridges, thermostats and music systems. (Photo: Marcus JH Brown/Flickr)

The 'Internet of Things' - smart devices that transmit data over a network - offer myriad benefits to European society, from helping people keep track of their fitness and providing drivers with live traffic information, to monitoring air quality and automating homes and factories.

But the forthcoming ePrivacy Regulation (ePR) could throw sand in the gears of such progress by unnecessarily regulating Internet of Things (IoT) devices.

Thank you for reading EUobserver!

Subscribe now for a 30 day free trial.

  1. €150 per year
  2. or €15 per month
  3. Cancel anytime

EUobserver is an independent, not-for-profit news organization that publishes daily news reports, analysis, and investigations from Brussels and the EU member states. We are an indispensable news source for anyone who wants to know what is going on in the EU.

We are mainly funded by advertising and subscription revenues. As advertising revenues are falling fast, we depend on subscription revenues to support our journalism.

For group, corporate or student subscriptions, please contact us. See also our full Terms of Use.

If you already have an account click here to login.

  • Items within your own household could 'talk' to each other - in the way that email connected the world (Photo:

To fix the problem, EU policymakers need to clarify that the ePR should not apply to most IoT devices.

In contrast to the General Data Protection Regulation (GDPR), which imposes strict limits on how companies can use personal data in general, the ePR proposes even stricter rules to protect the secrecy of electronic communications, like emails and voice calls.

The ePR would prohibit all data processing not necessary to provide a service and require explicit user consent in all cases, while the GDPR is more flexible.

Smartwatches and baby monitors

The European Commission's latest draft of the ePR stresses that it applies to machine-to-machine (M2M) transmissions, which would include all the data flowing between IoT devices, but the proposal makes no distinction between M2M transmissions that contain human communications, like smartwatches and baby monitors, and those that do not, like internet-connected air and water quality sensors.

For example, the ePR proposal could require drivers using live traffic information services to consent to data processing each time their car enters the range of a new sensor network and tries to exchange data with road sensors.

This is not practical.

Drivers cannot safely study a privacy agreement and truthfully confirm having read, understood, and agreed while navigating traffic.

The GDPR, on the other hand, would allow pre-existing contracts with the driver as a substitute for direct consent, and even that would only be necessary if the transmission carries personal data.

Not feasible

Clearly not all M2M transmissions involve interpersonal communications, and treating them as if they do would render many services that rely on this data inconvenient at best, and unfeasible at worst.

The GDPR already provides adequate protection for the privacy of personal information transmitted by IoT devices, while devices that transmit neither personal information nor private communications between people, like air quality monitors, need not be subject to either law.

The heart of the problem is that the ePR does not clearly specify which types of M2M transmissions the regulation would apply to.

Before the ePR becomes law, EU policymakers should clarify the regulation so that it only covers services that enable communications between people.

Indeed, there is a proposal before the Council of the European Union to exclude M2M services from the ePR, except where they enable "interpersonal and interactive communication."

Such a change would mean the ePR protects communications that rely on M2M transmissions, like voice conversations, while M2M services that carry personal data but are not for communications between people, like fitness tracking, would fall under the general provisions of the GDPR.

Transmissions that contain neither communications between people nor personal data need not be subject to any privacy rules at all.

EU policymakers have already created major problems for Europe's digital economy with the GDPR, which imposes several unnecessary restrictions—particularly on the use of artificial intelligence—that will undermine technological innovation in Europe, often without increasing consumer protection.

By adding even tighter restrictions, the ePR is likely to further limit EU digital innovation.

But unlike the GDPR, the ePR is not yet finalised, and policymakers can still easily change it. The scope of the ePR is needlessly broad, and policymakers should narrow it down while they still have the opportunity.

Nick Wallace is a Brussels-based senior policy analyst at the Centre for Data Innovation. His Brussels Bytes column deals with the digital single market and data-related policy issues in the European Union

Column / Brussels Bytes

ECJ should rule against Austrian online censorship lawsuit

EU judges have an opportunity to make clear that no member state can decide what the rest of the world reads online, now that Austria's Supreme Court has referred the Glawischnig case to the European Court of Justice.

Column / Brussels Bytes

Some EU regulators still don't get internet economics

New EU data protection rules threaten the European digital economy, but recent actions by some national regulators remind us why EU-wide rules cannot come soon enough.

EU takes step towards free flow of data

Non-personal data should be allowed to cross EU borders without restrictions, with an exemption for security reasons, diplomats meeting in the Council of the EU have agreed.

News in Brief

  1. EU to have 'immediate' trade talks with Trump
  2. Separatist activist renounces Catalonia leadership candidacy
  3. EU puts conditions on Bayer-Monsanto merger
  4. Hard Brexit would hit poorer Irish households hardest
  5. Finland hosts secretive North Korean talks
  6. EU to unveil 3% tax on digital giants
  7. German elected S&D leader in European Parliament
  8. Germany: nearly €350m child benefit goes abroad

Stakeholders' Highlights

  1. EUobserverStart a Career in EU Media. Apply Now to Become Our Next Sales Associate
  2. EUobserverHiring - Finance Officer With Accounting Degree or Experience - Apply Now!
  3. ECR GroupAn Opportunity to Help Shape a Better Future for Europe
  4. Counter BalanceControversial Turkish Azerbaijani Gas Pipeline Gets Major EU Loan
  5. World VisionSyria’s Children ‘At Risk of Never Fully Recovering', New Study Finds
  6. Macedonian Human Rights MovementMeets with US Congress Member to Denounce Anti-Macedonian Name Negotiations
  7. Martens CentreEuropean Defence Union: Time to Aim High?
  8. UNESDAWatch UNESDA’s President Toast Its 60th Anniversary Year
  9. AJC Transatlantic InstituteAJC Condemns MEP Ana Gomes’s Anti-Semitic Remark, Calls for Disciplinary Action
  10. EPSUEU Commissioners Deny 9.8 Million Workers Legal Minimum Standards on Information Rights
  11. ACCAAppropriate Risk Management is Crucial for Effective Strategic Leadership
  12. EPSUWill the Circular Economy be an Economy With no Workers?

Latest News

  1. EU leaders set for 'stormy debate' on digital tax at summit
  2. EU praises Turkey on migrant deal despite Greek misery
  3. Judicial reforms 'restore balance', Poland tells EU
  4. Whistleblower fears for life as US arrests Malta bank chair
  5. Behind the scenes at Monday's EU talks on Russia
  6. US yet to push on Nord Stream 2 sanctions
  7. EU mulls coercion to get refugee kids' fingerprints
  8. Five east European states prevent new CAP consensus

Stakeholders' Highlights

  1. European Jewish CongressThe 2018 European Medal of Tolerance Goes to Prince Albert II of Monaco
  2. FiscalNoteGlobal Policy Trends: What to Watch in 2018
  3. Human Rights and Democracy NetworkPromoting Human Rights and Democracy in the Next Eu Multiannual Financial Framework
  4. Mission of China to the EUDigital Cooperation a Priority for China-EU Relations
  5. ECTACompetition must prevail in the quest for telecoms investment
  6. European Friends of ArmeniaTaking Stock of 30 Years of EU Policy on the Nagorno-Karabakh Conflict: How Can the EU Contribute to Peace?
  7. ILGA EuropeCongratulations Finland!
  8. UNICEFCyclone Season Looms Over 720,000 Rohingya Children in Myanmar & Bangladesh
  9. European Gaming & Betting AssociationEU Court: EU Commission Correct to Issue Guidelines for Online Gambling Services
  10. Mission of China to the EUChina Hopes for More Exchanges With Nordic, Baltic Countries
  11. Macedonian Human Rights MovementCondemns Facebook for Actively Promoting Anti-Macedonian Racism
  12. Nordic Council of MinistersGlobal Seed Vault: Gene Banks Gather to Celebrate 1 Million Seed Collections