First self-certifications accepted under Privacy Shield; EU Commission considers extension of telecommunication rules to apps.

U.S. Department of Commerce accepts first bunch of self-certifications under Privacy Shield

About 2 weeks after the announced start of the certification procedure under the “EU-U.S. Privacy Shield” (‘Privacy Shield’) on August 1, 2016, the U.S. Department of Commerce (‘DoC’) has officially granted certification status to a first set of approximately 40 U.S.-based multinational companies. According to a DoC spokesperson, “nearly 200 additional certifications” are still pending and hundreds more are expected in the next few weeks.

According to the publicly accessible Privacy Shield list, companies already approved under the new framework are predominantly major U.S. tech companies, such as i.a. Microsoft Corporation and Salesforce.

Companies which have not yet registered, but plan to do so, should consider signing up within the next 1 ½ months: for those submitting their certification until September 30, the DoC grants a grace period of 9 months from the date of certification to meet the necessary compliance requirements.

European Commission considers extension of telecommunication rules to over-the-internet services

According to leaked internal European Commission documents, the regulator is considering to extend the application of existing rules for telecommunication service providers to “over-the-top”-service providers (‘OTTs’), that means companies who offer communication services via the internet.

More precisely, as a result of the public consultation on the evaluation and review of the e-Privacy Directive (see also our last week’s blog post), the Commission is assessing in how far OTT services such as WhatsApp or Skype could be considered functional substitutes to traditional telecommunication services, and to which extent the existing rules might have to be adapted in order to ensure adequate protection of consumers and undistorted competition.

Whilst “traditional” EU-based telecommunication providers have called for the Commissions approach, OTT providers strongly oppose an extension of the existing rules. “In a data-driven economy that takes full advantage of the growth opportunities of data, private companies should be free to decide their business models, as long as the privacy rights of the users are cared for and safeguarded,” Facebook has stated in its filing on the consultation of the e-Privacy Directive.

The news have not been officially confirmed by the Commission yet. Nevertheless, Nathalie Vandystadt, Spokesperson for the Digital Single Market of the European Commission, has stated that “The Commission is indeed working on an update of EU telecoms rules under its Digital Single Market strategy.” A Commission’s proposal on how to adapt the respective rules can be expected later this year.