The European Union’s Data Protection watchdog has called for a review of the regions ePrivacy laws to guarantee communications will be confidential, and to encourage the use of encryption, as well as banning the introduction of backdoors.
The call has come from the European Data Protection Supervisor (EDPS) Giovanni Buttarelli, who yesterday published his Preliminary EDPS Opinion on the review of the ePrivacy Directive (2002/58/EC).
In the 25-page document, he dismisses calls for Government intelligence agencies to have so-called backdoors into encrypted communications. Indeed, he even goes so far as to suggest efforts to access encrypted communication should be outlawed across the EU, saying “Decryption, reverse engineering or monitoring of communications protected by encryption should be prohibited.”
The EU currently has some of the strongest privacy laws to be found anywhere in the world, and the EDPS calls for these protections to be retained and strengthened to “reinforce the confidentiality and integrity of our electronic communications.”
The review of the ePrivacy directive, also known by its colloquial name of the Cookie Law, is as a result of the EUs new General Data Protection Regulation (GDPR), which it needs to meet. It is due to be concluded by the end of the year, and the opinions of the EDPS are expected to carry considerable weight in the final revisions.
Between April and July, the European Commission, which is the body holding the review, held a public consultation, which asked for feedback from individuals and organization on whether the Cookie Law should be broadened.
Currently, the law only applies to those electronic communication services which are available for use to the public. It does not currently cover over-the-top service providers (OTTs).
However, if the advice of the EDPS is adhered to, this seems likely to change. And he also called for the updating of the current rules on spam within the EU.
But perhaps most crucially, he urged that the Cookie Law should continue to ban the surveillance and interception of communications. And he was specific in what this law had to cover. Both the content and the metadata (including traffic data) of electronic communications should be protected by the law.
His opinion reads like the manifesto of a privacy campaign group and will be broadly welcomed by privacy advocates across the region. Should the final revision of the ePrivacy directive match his recommendations, it is likely to be held up as a beacon for other developed nations to seek to emulate.
Of course, the recommendation is good news for VPN users too. Whilst more and more online messaging services offer end-to-end encryption as standard these days, a VPN enables you to ensure that all of your online activity is encrypted.
This helps to guarantee your security and privacy online at all times, even when using an unencrypted messaging or email service. It also means you can use public Wi-Fi networks with confidence too.
At a time when the use of encryption is coming under sustained attack from governments around the world, it makes for a refreshing change to hear a government official endorsing and defending its use so strongly.
Of course, it remains to be seen if his recommendation makes it onto the statute book. But, for all its failings, the EU has been something of a pioneer when it comes to privacy laws, and hopes will remain high that this revision can lift the bar still higher.