New faith in privacy regulation? We need proof of conversion

New faith in privacy regulation? We need proof of conversion

Mr. Zuckerberg has discovered the usefulness of regulation to protect our personal data. After years of lobbying against the adoption of the EU General Data Protection Regulation (GDPR) and of lamenting the ills of its implementation, Facebook seems ready to embrace European data protection law and even spread it across the world. Similar sentiments were recently expressed by Twitter.

This is a welcome change. Maybe the fines recently imposed by regulators and the increased scrutiny of their business model predicted on exploiting personal data are, after all, the necessary incentives to change these companies’ stance on our privacy. Yet they continue to resist. The companies continue to challenge every decision made against them. So they want regulation but are not ready to accept scrutiny by the independent authorities charged with the implementation of these new rules.

There remains a question of trust, or lack thereof. Can we take these apparent conversions at face value?

We need proof of this new faith in regulation and luckily we can get such proof by looking at the way big tech companies are already approaching new laws. A prime example is the European e-privacy regulation, which is being discussed.

This European law is needed to protect privacy and security of data in our devices, in transit across communications networks and at rest in companies’ servers. It complements and specifies the rules of GDPR. It updates the current e-privacy directive, which was adopted in 2002. The reform is essential to strengthen individuals' right to privacy and confidentiality of communications across the EU as well as rebuilding and reinforcing public trust and security in the digital economy. 

Consumer groups, civil society actors, and many companies support it. All the European data protection regulators support it. So does the European Parliament. And there is strong public demand for stronger confidentiality and security of digital communications and devices.

However, this proposed law has been languishing for over two years, mostly because of strong opposition and lobbying by tech companies and other powerful actors. The reasons for opposition are suspiciously similar to those bandied at the time of the negotiations of the landmark GDPR: this proposed law, they claim, will be detrimental of innovation and it will unduly increase the burden of compliance on companies.

Facebook, Twitter and others have now an opportunity to prove the strength of their new faith in regulation. They can publicly support the speedy adoption of a strong e-privacy regulation which prevents tracking of users and protects against access to users’ devices. They can publicly call for the e-privacy regulation to include privacy by design and by default in all the devices and networks to protect the confidentiality and security of our data. 

They can mobilise their considerable and effective PR resources to support the adoption of a strong e-privacy regulation.

Hopefully in three-months time, when someone will seek to find out how the negotiations on the adoption of the e-privacy regulation were conducted, they will note this moment in time as when the mood changed and the draft law gained necessary support. They will, we hope, find evidence that the big tech companies have mobilised their powerful lobbying machines to achieve those aims (and undo their previous efforts to oppose new e-privacy rules.)