Privacy & Information Security Law Blog

On October 16, 2014, the 36th International Conference of Data Protection and Privacy Commissioners in Mauritius hosted a panel including representatives from the European Data Protection Supervisor ("EDPS") and Hunton & Williams to discuss the need for a coordinated approach to net neutrality and data protection in the EU. While there are divergent views on what net neutrality should (or should not) entail, net neutrality in the EU typically refers to the principle that all Internet traffic is treated equally and without discrimination, restriction or interference.

There was general consensus among the panelists that it should be possible to deviate from the principle of net neutrality in exceptional circumstances. For example, the panelists discussed relaxing the principle to enable Internet access providers to manage Internet traffic in connection with preserving the integrity and security of their networks.  Because traffic management may involve processing personal data, panelists agreed that there should be a clear and coordinated approach to how EU data protection rules apply in this context.

During the discussion, Hunton & Williams partner Wim Nauwelaerts spoke about the proposed rules on net neutrality associated with the Telecoms Single Market Regulation (COM(2013)0627).  The proposed rules only vaguely refer to the need to comply with the EU Data Protection Directive and ePrivacy Directive, according to Nauwelaerts.  “There is need for further guidance on how fundamental data protection principles such as legitimacy (legal basis requirement) and proportionality (data minimization) will apply to traffic management measures,” said Nauwelaerts. “This guidance should take account of the fact that network threats change constantly, so traffic management measures that are sufficient today may be inadequate tomorrow.”