Thursday

15th Nov 2018

Column / Brussels Bytes

EU e-privacy proposal risks breaking 'Internet of Things'

  • The 'Internet of Things' is linking traditional online devices - such as computers and smartphones - to everyday items such as fridges, thermostats and music systems. (Photo: Marcus JH Brown/Flickr)

The 'Internet of Things' - smart devices that transmit data over a network - offer myriad benefits to European society, from helping people keep track of their fitness and providing drivers with live traffic information, to monitoring air quality and automating homes and factories.

But the forthcoming ePrivacy Regulation (ePR) could throw sand in the gears of such progress by unnecessarily regulating Internet of Things (IoT) devices.

Read and decide

Join EUobserver today

Support quality EU news

Get instant access to all articles — and 18 year's of archives. 30 days free trial.

... or join as a group

  • Items within your own household could 'talk' to each other - in the way that email connected the world (Photo: internetfestival.it)

To fix the problem, EU policymakers need to clarify that the ePR should not apply to most IoT devices.

In contrast to the General Data Protection Regulation (GDPR), which imposes strict limits on how companies can use personal data in general, the ePR proposes even stricter rules to protect the secrecy of electronic communications, like emails and voice calls.

The ePR would prohibit all data processing not necessary to provide a service and require explicit user consent in all cases, while the GDPR is more flexible.

Smartwatches and baby monitors

The European Commission's latest draft of the ePR stresses that it applies to machine-to-machine (M2M) transmissions, which would include all the data flowing between IoT devices, but the proposal makes no distinction between M2M transmissions that contain human communications, like smartwatches and baby monitors, and those that do not, like internet-connected air and water quality sensors.

For example, the ePR proposal could require drivers using live traffic information services to consent to data processing each time their car enters the range of a new sensor network and tries to exchange data with road sensors.

This is not practical.

Drivers cannot safely study a privacy agreement and truthfully confirm having read, understood, and agreed while navigating traffic.

The GDPR, on the other hand, would allow pre-existing contracts with the driver as a substitute for direct consent, and even that would only be necessary if the transmission carries personal data.

Not feasible

Clearly not all M2M transmissions involve interpersonal communications, and treating them as if they do would render many services that rely on this data inconvenient at best, and unfeasible at worst.

The GDPR already provides adequate protection for the privacy of personal information transmitted by IoT devices, while devices that transmit neither personal information nor private communications between people, like air quality monitors, need not be subject to either law.

The heart of the problem is that the ePR does not clearly specify which types of M2M transmissions the regulation would apply to.

Before the ePR becomes law, EU policymakers should clarify the regulation so that it only covers services that enable communications between people.

Indeed, there is a proposal before the Council of the European Union to exclude M2M services from the ePR, except where they enable "interpersonal and interactive communication."

Such a change would mean the ePR protects communications that rely on M2M transmissions, like voice conversations, while M2M services that carry personal data but are not for communications between people, like fitness tracking, would fall under the general provisions of the GDPR.

Transmissions that contain neither communications between people nor personal data need not be subject to any privacy rules at all.

EU policymakers have already created major problems for Europe's digital economy with the GDPR, which imposes several unnecessary restrictions—particularly on the use of artificial intelligence—that will undermine technological innovation in Europe, often without increasing consumer protection.

By adding even tighter restrictions, the ePR is likely to further limit EU digital innovation.

But unlike the GDPR, the ePR is not yet finalised, and policymakers can still easily change it. The scope of the ePR is needlessly broad, and policymakers should narrow it down while they still have the opportunity.

Nick Wallace is a Brussels-based senior policy analyst at the Centre for Data Innovation. His Brussels Bytes column deals with the digital single market and data-related policy issues in the European Union

Column / Brussels Bytes

ECJ should rule against Austrian online censorship lawsuit

EU judges have an opportunity to make clear that no member state can decide what the rest of the world reads online, now that Austria's Supreme Court has referred the Glawischnig case to the European Court of Justice.

Column / Brussels Bytes

Some EU regulators still don't get internet economics

New EU data protection rules threaten the European digital economy, but recent actions by some national regulators remind us why EU-wide rules cannot come soon enough.

Some EU states face delays in 5G preparation

National governments secured a one-year extension for publishing plans to make radio frequencies available for mobile communications - but some were nevertheless unable to meet the deadline.

Exclusive

EU official proposed covering up wifi portal flaw

Director of Electronic Communications Networks and Services Anthony Whelan says in an internal document that he wanted to eliminate "possible criticisms" and "marginalise questions".

News in Brief

  1. Brexit MP calls for 'no confidence' vote on May
  2. Denmark blocks Tanzania aid over homophobic crackdown
  3. Second UK cabinet minister resigns over Brexit deal
  4. UK Brexit secretary quits morning after deal agreed
  5. Romanian MPs call for national 'Magnitsky Act'
  6. Tusk: Brexit summit on Sunday 25 November
  7. Full text of Brexit withdrawal agreement published
  8. Greece to investigate former PM's bank accounts

Are EU data watchdogs staffed for GDPR?

The success of the new general data protection regulation (GDPR) will depend on whether data protection authorities enforce the new rules - which, in turn, will be at least partly determined by how many people they employ.

Eight countries to miss EU data protection deadline

The EU starts enforcing its general data protection regulation on 25 May - but Belgium, Bulgaria, Cyprus, Czech Republic, Greece, Hungary, Lithuania and Slovenia won't be ready. The delay will cause legal uncertainty.

Stakeholders' Highlights

  1. NORDIC COUNCIL OF MINISTERSTheresa May: “We will not be turning our backs on the Nordic region”
  2. International Partnership for Human RightsOpen letter to Emmanuel Macron ahead of Uzbek president's visit
  3. International Partnership for Human RightsRaising key human rights concerns during visit of Turkmenistan's foreign minister
  4. NORDIC COUNCIL OF MINISTERSState of the Nordic Region presented in Brussels
  5. NORDIC COUNCIL OF MINISTERSThe vital bioeconomy. New issue of “Sustainable Growth the Nordic Way” out now
  6. NORDIC COUNCIL OF MINISTERSThe Nordic gender effect goes international
  7. NORDIC COUNCIL OF MINISTERSPaula Lehtomaki from Finland elected as the Council's first female Secretary General
  8. NORDIC COUNCIL OF MINISTERSNordic design sets the stage at COP24, running a competition for sustainable chairs.
  9. Counter BalanceIn Kenya, a motorway funded by the European Investment Bank runs over roadside dwellers
  10. ACCACompany Law Package: Making the Best of Digital and Cross Border Mobility,
  11. International Partnership for Human RightsCivil Society Worried About Shortcomings in EU-Kyrgyzstan Human Rights Dialogue
  12. UNESDAThe European Soft Drinks Industry Supports over 1.7 Million Jobs

Latest News

  1. Romania heaps scorn on 'revolting' EU criticism
  2. US steps in to clean up Cyprus
  3. 'Decisive progress' on Brexit as British cabinet backs deal
  4. Asylum for Macedonia's ex-PM put Orban on spot
  5. How the 'EU's Bank' fails to raise the bar on accountability
  6. Knives out on all sides for draft Brexit deal
  7. Romania data chief defends forcing press to reveal sources
  8. EU to review animal welfare strategy

Stakeholders' Highlights

  1. Mission of China to the EUJointly Building Belt and Road Initiative Leads to a Better Future for All
  2. International Partnership for Human RightsCivil society asks PACE to appoint Rapporteur to probe issue of political prisoners in Azerbaijan
  3. ACCASocial Mobility – How Can We Increase Opportunities Through Training and Education?
  4. Nordic Council of MinistersEnergy Solutions for a Greener Tomorrow
  5. UNICEFWhat Kind of Europe Do Children Want? Unicef & Eurochild Launch Survey on the Europe Kids Want
  6. Nordic Council of MinistersNordic Countries Take a Stand for Climate-Smart Energy Solutions
  7. Mission of China to the EUChina: Work Together for a Better Globalisation
  8. Nordic Council of MinistersNordics Could Be First Carbon-Negative Region in World
  9. European Federation of Allergy and AirwaysLife Is Possible for Patients with Severe Asthma
  10. PKEE - Polish Energy AssociationCommon-Sense Approach Needed for EU Energy Reform
  11. Nordic Council of MinistersNordic Region to Lead in Developing and Rolling Out 5G Network
  12. Mission of China to the EUChina-EU Economic and Trade Relations Enjoy a Bright Future

Join EUobserver

Support quality EU news

Join us