How will GDPR impact the mobile industry?

The EU’s General Data Protection Regulation (GDPR) is the biggest shakeup in privacy legislation for more than a generation. It comes into effect this Friday, as the two-year grace period for any organisation that handles the data of EU citizens – even if they’re not in the EU – expires.

The major impact of GDPR is twofold. Firstly, it places increased obligations on businesses in terms of how they use and protect personal information and secondly, it gives citizens greater control over how organisations use and collect it.

Businesses must take all reasonable steps to ensure that data is protected and disclose any breach responsibly and rapidly. They must also gain explicit consent for this data to be used and only use it for the specific purpose for which it has been collected.

Meanwhile, citizens can demand to see what data an entity has on them and for it to be deleted if so wished. It’s a task that all industries have had to contend with and, with just days before the deadline, some still are.

GDPR and mobile operators

The mobile industry has been no different in this regard. In addition to the numerous emails pleading for you to consent to be contacted that have flooded inboxes over the past few weeks, mobile applications have been doing the same and urging users to review privacy agreements.

Many tech vendors have suggested GDPR is a good thing and will open up new opportunities for businesses. It’s true that the security and visibility of many organisations’ IT infrastructure will be better after GDPR, but it’s especially true for mobile operators given most are probably already compliant.

For years, the telecoms industry has complained about over-the-top (OTT) applications such as WhatsApp and Skype encroaching on their territory, yet not being subject to the same stringent regulations that operators are. They believe that because GDPR applies to all organisations – not just telecoms – the playing field is being evened out.

“The view of GDPR is a positive one,” Boris Wojtan, director of privacy at the GSMA, tells TechRadar Pro. “If you think about the telco sector and mobile operators generally, we’ve built our industry on trust and the confidentiality of communications. We depend on that for the whole thing to work. Without that trust, we wouldn’t have this industry.”

“The telco sector has been used to stringent rules from the outset in terms of regulations and operator licences. GDPR raises the bar for everyone in the digital economy. It comes at a crucial time. The digital ecosystem is constantly revolutionizing itself at speed and the traditional boundaries are being broken down and becoming redundant and meaningless.”

Data advantage

The big advantage that telcos have over OTT is their data. Whereas OTT developers can only see what happens within their application, mobile operators can see everything on the network, from call data to application usage, and have access to integrated billing.

One way developers have tried to get around this is to request access to more data, with some not being transparent about which permissions they require on a device. Since GDPR mandates that organisations make it clear and in simple language what data they want to access and to gain explicit consent, mobile operators will feel their treasure trove of data will be harder to replicate.

“It’s about creating a fair set of rules for consumers and delivering it in a consistent way,” adds Wojtan. “From a business side, it makes sense that if organisations are doing the same thing then they should have the same regulations.”

He adds that another reason the industry is in favour of the regulation is that it is principle-based rather than prescriptive, meaning it will reflect changing technologies and trends: “Most importantly, consumers get a consistent level of protection for [both phones and apps].”

Future legislation

Naturally, the GSMA would like to see OTT application regulation go further and for restrictions on mobile operators to be eased. It is concerned that the EU’s ePrivacy directive will offset the benefits of GDPR and place more obligations on operators, negate any levelling of the playing field, and hinder the rollout of 5G and Internet of Things (IoT) services.

For example, mobile operators use aggregated, anonymised data to optimise their networks. However, with 5G networks requiring more micro infrastructure, such as small cells, covering smaller groups of people, ePrivacy could determine that the data used is too easily identifiable. The GSMA wants GDPR and ePrivacy to be more closely aligned.

“While everyone recognises that this sort of data does have to be handled with care, there is concern that the way the rules are being drafted at the moment will be unduly restricted and constrain what mobile operators could and should be doing,” added Wojtan.

“We think there are sufficient safeguards.”

Steve McCaskill is TechRadar Pro's resident mobile industry expert, covering all aspects of the UK and global news, from operators to service providers and everything in between. He is a former editor of Silicon UK and journalist with over a decade's experience in the technology industry, writing about technology, in particular, telecoms, mobile and sports tech, sports, video games and media.