Interesting development in Europe, as told by our friends at La Quadrature du Net.
No Privacy Without Net Neutrality
*** Brussels, October 12th, 2011 – In a ground-breaking opinion on Net neutrality, the European Data Protection Supervisor stresses that restrictions to Internet access inevitably harm privacy. As the European Parliament enters in the final stage of the negotiations on its resolution on Net neutrality, this opinion underlines that the EU Commission’s “wait and see” approach is bound to fail and is unjustifiable. Members of the EU Parliament must preserve citizens’ privacy by requiring strong regulatory measures to ban discrimination of online communications. ***
In this opinion on Net neutrality , the European Data Protection Supervisor (EDPS) makes clear that the protection of Net neutrality is necessary to ensure the confidentiality of communications.
According to the EU privacy watchdog, traffic management practices that are not strictly necessary to ensure the network’s security or integrity amount to a global monitoring and inspection of users’ communications, thereby undermining privacy.
To respect current data protection laws, the EDPS stresses that users must give explicit consent to their Internet communications being monitored and restricted. It further stresses that users should always have the choice between a restricted offer and neutral Internet access, without being imposed higher costs by telecom operators.
These conclusions blow in pieces Commissioner Neelie Kroes’ “wait-and-see” approach based on “transparency”  in contracts is enough to protect users against restrictions of their Internet access.
“The EDPS demonstrates that any discrimination between Internet services, protocols, sources or contents imposed by telecom operators inevitably hurts the confidentiality of communications. It is therefore the duty of the Members of the EU Parliament to protect privacy by departing from Commissioner Kroes’ failed “wait-and-see” approach. The Parliament must require concrete legislative measures to ensure Net neutrality, therefore protecting EU citizens privacy, freedom of expression, as well as innovation and competition online”, concludes Jérémie Zimmermann, spokesperson of the citizen adovacy group La Quadrature du Net.
** Key quotes from the EDPS opinion **
Net neutrality violations harm privacy: “Inspection techniques based on traffic data and inspection of IP payloads, i.e. the content of communications, may reveal users’ Internet activity: websites visited and activities on those sites, use of P2P applications, files downloaded, emails sent and received, from whom, on what subject and in which terms, etc. ISPs may want to use this information to prioritise some communications, such as video on demand, over others. They may want to use it to identify viruses, or to build profiles in order to serve behavioural advertising. These actions interfere with the right to the confidentiality of communications”. (§78)
Failure of mere transparency: ” Individuals’ consent would not be freely given if they had to consent to the monitoring of their communication data in order to get access to a communication service. This would be even more true if all providers in a given market were to engage in traffic management for purposes that went beyond security of the network. The only option left would be not to subscribe to an Internet service at all. Given that the Internet has become an essential tool both for work and for leisure purposes, not subscribing to an Internet service does not constitute a valid alternative. The result would be that the individuals would have no real choice, i.e. they would not be able to freely give consent”. (§55)
Access to neutral Internet is crucial: “The EDPS considers that there is a clear need for the Commission and national authorities to monitor the market, particularly to ascertain whether this scenario – i.e. providers linking telecommunication services to communication monitoring – becomes mainstream. Providers should offer alternative services, including an Internet subscription not subject to traffic management, without imposing higher costs to individuals”. (§56)
Recommended policy steps: “(…). From a data protection and privacy perspective, the scenario where ISPs engage on a routine basis in traffic management policies offering subscriptions based on filtering access to content and applications, would be highly problematic. If this were ever to happen, legislation would need to be put in place to address this situation”. (§84). Note: Actually, evidence suggests that telecom opertors already engage in such harmful practices. See the reporting platform RespectMyNet.eu
* References *
2. The recently revised Telecoms Package states that operators should inform users about access restrictions. This “transparency” has been taken as a pretext for inaction by pseudo liberals. According to them, citizens can “vote with their feet” and choose between different restricted offers. The EDPS just proved that this approach fails to respect EU privacy law.