The European Parliament's (EP’s) Committee on Civil Liberties, Justice, and Home Affairs released a draft proposal for a new Regulation on Privacy and Electronic Communications. The draft recommends a regulation that will enforce end-to-end encryption on all communications to protect European Union citizens’ fundamental privacy rights. The committee also recommended a ban on backdoors.
Enforcement Of EU’s Charter Of Fundamental Rights
Article 7 of the E.U.’s Charter of Fundamental Rights says that E.U. citizens have a right to personal privacy, as well as privacy in their family life and at home. According to the EP committee, the privacy of communications between individuals is also an important dimension of this right.
The EP committee added that:
Confidentiality of electronic communications ensures that information exchanged between parties and the external elements of such communication, including when the information has been sent, from where, to whom, is not to be revealed to anyone other than to the parties involved in a communication.
The principle of confidentiality should apply to current and future means of communication, including calls, internet access, instant messaging applications, e-mail, internet phone calls and messaging provided through social media.
Protecting Citizens Against Hacking Of Personal Information
The EP committee believes that encryption needs to be used to protect EU citizens’ sensitive information such as personal experiences and emotions, medical conditions, sexual preferences, and political views. The disclosure of this info could lead to personal and social harm, or economic loss.
The committee also argued that it’s not just the content of information that needs to be protected, but also the metadata associated with it:
The metadata includes the numbers called, the websites visited, geographical location, the time, date and duration when an individual made a call etc., allowing precise conclusions to be drawn regarding the private lives of the persons involved in the electronic communication, such as their social relationships, their habits and activities of everyday life, their interests, tastes etc.
The protection of confidentiality of communications is also an essential condition for the respect of other related fundamental rights and freedoms, such as the protection of freedom of thought, conscience and religion, and freedom of expression and information.
The EP committee also noted that electronic communications are generally personal data, which means they should also be protected under the recently passed General Data Protection Regulation. Therefore, the new regulation on private communications should not lower the protections written in the GDPR, but it should instead offer complementary safeguards for the confidentiality of communications.
Providers Affected By The Regulation
The updated Regulation on Privacy and Electronic Communications will apply to providers of electronic communication services, providers of publicly available directories, and software providers that permit electronic communications and the retrieval of information on the internet.
We’ve lately seen some EU member states push for increased surveillance and even backdoors in encrypted communications, so there seems to be some conflict here between what the European Parliament institutional bodies may want and what some member states do.
However, if this proposal for the new Regulation on Privacy and Electronic Communications passes, it should significantly increase the privacy of E.U. citizens’ communications, and it won’t be so easy to roll back the changes to add backdoors in the future.
The committee makes it clear that backdoors introduced by member states should be forbidden:
The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorised access or alterations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data.
Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited. Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services