Alessandro Bruni, KU Leuven, Leader WP3
One of the most crucial EU legislative initiatives that will be taken into account in the development of the Safe-DEED project is the European Electronic Communications Code (EECC). The EECC, one of the ten Digital Single Market legislative initiatives put forward by the European Commission in 2015, is the cornerstone of the EU strategy for developing the EU Digital Single Market. The main objectives of the EECC include increasing consumer choice, providing high quality and innovative services at a lower price, and enhancing security and confidentiality of communications.
The EECC will, among other things, promote an equal level playing field between traditional operators and new “Over The Top” Operators (OTTs). To do so, the new EEC provisions broaden their subjective scope of application,. According to Art. 2 EECC the measures foreseen in the EECC apply to providers of electronic communications networks and electronic communications services. The last category is composed of providers of internet access services, (‘IAS’), and of interpersonal communications services (‘ICS’). ICS category includes ‘number-based ICS (‘NB ICS’) providers’ (traditional phone call (and SMS) operators) and ‘number-independent ICS (‘NI ICS’)’ providers (e.g. WhatsApp). Besides, electronic communication service providers include providers of “services consisting wholly or mainly in the conveyance of signals such as transmission services used for the provision of machine-to-machine services and broadcasting” (Art.2 EECC).
In the Safe-DEED context, it is crucial to focus on the transmission of services used for the provision of machine-to-machine (M2M) services. Differently from the other communication services listed in Art. 2 EECC, the M2M services should not be considered as interpersonal since such communications occur with limited or no human interaction. Also, M2M services typically consist of an automated transfer of data and information between devices or software-based applications. This definition of M2M services included in the EECC correspond to the Safe-DEED technical characteristics. Notwithstanding the specific features of such services, M2M service providers will have to ensure the security of their services, similar to the other electronic communication service providers. Practically, they will have to build their systems in order to “to resist, at a given level of confidence, any action that compromises the availability, authenticity, integrity or confidentiality of those networks and services, of stored or transmitted or processed data, or of the related services offered by, or accessible via, those electronic communications networks or services”(Rec.21 EECC).
From a data protection perspective, Rec.21 EEC is extremely interesting for the implication it might have in the discussion around the confidentiality of M2M communications. In fact, even if in the M2M context human interaction is limited or even absent, it is questionable whether such communications should be considered confidential or not.
In the European Commission ePrivacy Regulation proposal, it is explicitly indicated that the principle of confidentiality should also apply to the M2M communications. The proposal, however, is which is far from being finalized. Currently, in the course of the legislative development of the proposal, such reference has been deleted by the European Parliament. The European Parliament decision leaves the door open to any possible conclusion on whether such communications should be considered confidential or not.
Rec. 21 EECC referring to the necessity for electronic service providers to ensure confidentiality seems to support the initial ePrivacy Regulation proposal perspective, and it would be therefore interesting to see how the different Member States will implement such provision while transposing the EECC.
The Safe-DEED project will massively rely, for its implementation and deployment, on M2M services. Considering this, in the upcoming months an in-depth legal analysis will be carried out in regards to the implications around the confidentiality of M2M communications.