Today, the European Data Protection Supervisor (EDPS) adopted an opinion on the European Commission Communication on the open internet and net neutrality in Europe (*), a subject that has triggered great interest and controversy over recent months. Net neutrality refers to the issue of whether Internet service providers (ISPs) should be allowed to monitor network traffic to filter or restrict Internet access, for example to block specific services or applications (e.g. peer to peer) or give preference access to others.
The EDPS highlights the serious implications of these practices on the fundamental right to privacy and data protection of users, in particular, in terms of confidentiality of communications. Certain inspection techniques used by ISPs may indeed be highly privacy-intrusive, especially when they reveal the content of individuals' Internet communications, including emails sent or received, websites visited and files downloaded. It is therefore crucial that compliance with data protection rules be closely monitored
Peter Hustinx, Supervisor, says: “The concept of net neutrality builds on the view that information on the Internet should be transmitted impartially, without regard to content, destination or source. By looking into users' Internet communications, ISPs may breach the existing rules on the confidentiality of communications, which is a fundamental right that must be carefully preserved. A serious policy debate on net neutrality must make sure that users' confidentiality of communications is effectively protected."
The EDPS stresses that more should be done to come to a satisfactory policy on the way forward. He therefore calls on the Commission to initiate a debate involving all the relevant stakeholders with a view to clarifying how the data protection legal framework applies in this context. He recommends guidance to be provided in areas such as:
Depending on these findings, additional legislative measures may prove necessary. In the event of this, the Commission should put forward policy measures aimed at strengthening data protection rules and ensuring legal certainty. New measures should clarify the practical consequences of the net neutrality principle and guarantee users the possibility to exercise a real choice, notably by requiring ISPs to offer non-monitored connections.
(*) Communication from the European Commission of 19 April 2011: "The open internet and net neutrality in Europe" (COM(2011) 222 final)