The UK government’s desire to grant police and intelligence agencies access to encrypted messages goes against the General Data Protection Regulation (GDPR) that is set to take effect from 2018.
The UK’s primary objective for accessing secure communication is to stop terror attacks that have been witnessed in the country recently. This is to ensure that entities such as WhatsApp do not provide a secret media of communication for terrorists through which they plan their actions. Although this move is meant to seal security loopholes, it contravenes the GDPR which was ratified by the European Council and the European Parliament.
GDPR contains provisions that oblige companies to protect the privacy of European Union citizens. Since the regulation requires firms that deal in information storage or processing to safeguard privacy, disagreements are bound to arise between the UK authorities and the European Union.
The European Union is opposed to the implementation of the UK’s plan (backdoors) that infringes on the privacy of people. The EU believes that data protection regulations have not been advancing at the same pace as technology. As a result, ePrivacy regulations are necessary to offer solutions to some pending issues.
For instance, these regulations would end the problem of Over-The-Top (OTT) services. The UK government’s measures to access encoded communication like E2EE utilized by WhatsApp and others such as Signal are therefore contrary to the EU proposals. The EU draft proposals seek to regulate electronic communication data and forms part of the stricter GDPR. The proposal states that electronic service providers will ensure adequate protection of electronic data to prevent unauthorized access.
In addition, the mechanism of transmission must provide confidentiality and safety. Consequently, the UK authority’s desire to gain access is undoubtedly going to create conflicts based on the EU draft proposal. The European Union proposal draft further deals a blow to the UK government desires because decryption or monitoring communications is illegal when the electronic communication data is encrypted.
It is anticipated that the ePrivacy directive will align the 2002 law with the GDPR and maintain pace with technological development. They will also be tracking users and assist in behavioral and metadata collection.
However, such data collection exercises will require consent. Given this, the amendments will lead to the improvement of security and privacy structures of the European Union regulations.
The ePrivacy regulations will form part of the stronger GDPR and may deny the UK its desire to access encrypted messaging and probably prevent the country from using local legislation to control actions of global internet firms.