Online messaging services could struggle under new EU data protection laws
WhatsApp, iMessage, Gmail and other online messaging services could face depleted advertising revenue in the future under a new proposal from the European Union that would limit the tracking of user data.
Under the new rules, services will have to guarantee the confidentiality of their customers’ conversations and get their consent before tracking them online to serve them personalised ads.
For example, email services such as Gmail and Hotmail will not be able to scan customers’ emails to serve them targeted ads without getting their explicit agreement.
Most free online services rely on advertising to fund themselves, raising fears that Tuesday’s proposal could reduce that revenue stream.
The proposal by the European Commission extends some rules that now only apply to telecom operators to web companies offering calls and messages using the internet, known as ‘over-the-top’ (OTT) services, seeking to close a perceived regulatory gap between the telecoms industry and mainly US Internet giants such as Facebook, Google and Microsoft.
It would allow telecom companies to use customer metadata - such as the duration and location of calls - to provide additional services and make more money, something they are barred from doing under current rules.
The review of the so-called e-privacy law will also require web browsers to ask users upon installation whether they want to allow websites to place cookies on their browsers. A previous leaked version would have forced browsers to set the default settings as not allowing cookies.
“It’s up to our people to say yes or no,” said Andrus Ansip, Commission vice-president for the digital single market.
Cookies are placed on web surfers’ computers and contain bits of information about the user, such as what other sites they have visited or where they are logging in from. They are widely used by companies to deliver targeted ads to users.
Online advertisers have warned that overly strict rules would undermine many websites’ ability to fund themselves and keep offering free services. They say the data they use cannot identify the user and is therefore low risk, making asking for consent every time too onerous.
“It will particularly hit those companies that... find it most difficult to talk directly to end users and what I mean by that is tech companies that operate in the background and sort of facilitate the buying and selling of advertising rather than the ones that the user directly engages with,” said Yves Schwarzbart, head of policy and regulatory affairs at the Internet Advertising Bureau (IAB).
Online advertising generates £10bn of revenue for publishers and content creators in the UK alone, according to the IAB.
Companies falling foul of the new law will face fines of up to 4 per cent of their global turnover, in line with a separate data protection law set to enter into force in 2018.
The proposal will need to be approved by the European Parliament and member states before becoming law.