Tough new rules on tracking users by messaging services, laid out by the European Commission in a revision of its ePrivacy Directive, will affect WhatsApp, Facebook Messenger, and Gmail among others.
The measures proposed will update existing privacy rules that only apply to telecommunications providers at the moment, according to an EC statement.
"Privacy rules will now also cover new providers of electronic communications services, such as WhatsApp, Facebook Messenger, Skype, Gmail, iMessage, or Viber," the EC said.
It said privacy would be guaranteed for both the content and metadata in electronic messages.
{loadposition sam08}"Both have a high privacy component and, under the proposed rules, will need to be anonymised or deleted if users have not given their consent, unless the data is required for instance for billing purposes," the proposed revision states.
Andrus Ansip, vice-president for the Digital Single Market, was quoted as saying: "Our proposals will deliver the trust in the Digital Single Market that people expect. I want to ensure confidentiality of electronic communications and privacy. Our draft ePrivacy Regulation strikes the right balance: it provides a high level of protection for consumers, while allowing businesses to innovate."
The EC's proposed new rules aim to ensure that personal data handled by EU institutions and bodies will protect privacy in the same way as it is done in all EU member states.
The new proposals also include opportunities for commercial use of personal data. "Once consent is given for communications data, both content and/or metadata, to be processed, traditional telecoms operators will have more opportunities to use data and provide additional services," the EC said.
Email, SMS and telephone spam will be banned under the new rules.
On cookies, the rules say, "No consent is needed for non-privacy intrusive cookies improving Internet experience (e.g. to remember shopping cart history). Cookies set by a visited website counting the number of visitors to that website will no longer require consent."
The EC also said that it would hold discussions on reaching "adequacy decisions" - allowing "for the free flow of personal data to countries with 'essentially equivalent' data protection rules to those in the EU - with key trading partners in east and south-east Asia, starting with Japan and South Korea in 2017, and also with interested countries in Latin America and the rest of Europe".
The new rules, which have to be approved by the European Parliament and member states, are expected to be adopted across the EU on 25 May 2018 when the General Data Protection Regulation, which has had an update, will become applicable.