The European Court of Justice has declared the EU Data Protection Directive invalid. The directive requires communication providers to retain metadata on all calls and internet use for up to two years, in case they are needed for law enforcement purposes. The court found that the collection and access to such data is a “particularly serious” interference with the fundamental right to a private life and protection of personal data. The court also found that the directive did not sufficiently protect against possible abuse or unlawful access to information, that its parameters were too vague, and that it did not require the collected data to be stored in the EU.
Separately, in the U.S., the director of the Federal Trade Commission’s Bureau of Consumer Protection, Jessica Rich, notified Facebook and WhatsApp about their obligations to protect users’ privacy in light of Facebook’s announced acquisition of WhatsApp. In a letter, Rich told WhatsApp and Facebook that both companies must keep the promises they have previously made with regard to customer privacy, and that if they do not, they will be in violation of U.S. law. Furthermore, before making any material changes to how they use data already collected from WhatsApp subscribers, the companies must get affirmative consent. The letter also states that the companies must not misrepresent the extent to which they maintain the privacy or security of user data, and it recommends that consumers be given the opportunity to opt out of any future changes in the ways newly-collected data is used.
While these two actions are quite different, they are both governmental responses to rising concern among consumers over privacy and data protection. One of those concerns, especially since the Edward Snowden revelations, is over the degree to which law enforcement authorities should have access to personal information transmitted via voice calls and internet use. The EU’s change in policy, which had been under discussion since an initial opinion in December 2013, by curtailing metadata collection affirms that public security does not in and of itself justify a large-scale invasion of privacy, and that the risk of abuse outweighs the benefits of collecting such information.
The above item appeared in a recent issue of The Tarifica Alert, a weekly resource that analyzes noteworthy developments in the telecoms industry from around the world. To access all of the latest articles and issues: http://www.tarifica.com/TarificaAlert.aspx