Metadata processing under scrutiny in Europe
An item in the law blog, Out-Law.com, notes that EU law makers are scrutinising the issue of metadata processing in the context of new EU laws on privacy and electronic communications (the e-privacy regulation). The Bulgarian presidency of the Council of Ministers has published a document that has highlighted that there are different views across national governments in the EU on the rules that should apply to metadata processing. Metadata, referred to in the draft e-privacy regulation as “electronic communications metadata”, is information that is connected to communications which does not include the content of those communications. Such information can include numbers called, websites visited, geographical location or the time and date a call was made, according to examples previously set out by the European Parliament.
The EU’s highest court has previously determined that such metadata can be considered to be just as sensitive as the actual content of communications because of insights that the data can offer into people's private lives. “The options put forward range significantly on what they would enable electronic communication service providers to do. Under one option, they would be free to process the metadata for the purpose of improving the quality of their services, such as for ‘network management and optimisation’. Under a more liberal option, permitted use of metadata could be linked to specific purposes where the purpose of the processing satisfies a public interest or end-user interest test.
A further loosening of provisions could allow telecoms operators to process specific types of metadata, such as location data, so long as businesses could show that ‘the purpose or purposes concerned could not be fulfilled by processing information that is made anonymous’. Under this option, however, the data would have to be erased or anonymised within 24 hours of being collected, and the operators would only be able to share an anonymised version of the data with third parties. In addition, the information could not be used in end-user profiling.” Read more here; metadata document here
- Thursday, 22 March 2018