Messaging apps such as Messenger or WhatsApp and video calls on Zoom face stricter privacy rules in Europe, after a draft law passed a key EU hurdle on Wednesday.
The EU’s 27 member states approved a proposal that was stuck since 2017, with countries split between those wanting strict privacy online and others wanting to give leeway to law enforcement and advertisers.
Portugal, which currently holds the EU’s rotating presidency, submitted a compromise proposal that was approved by qualified majority at a meeting in Brussels.
“The path to the council position has not been easy,” Portugal’s minister of infrastructure Pedro Nuno Santos said.
“But we now have a mandate that strikes a good balance between solid protection of the private life of individuals and fostering the development of new technologies and innovation.”
France, which wants to give its police forces stronger tools to fight terrorism, wants to limit the law’s curbs on access to private data.
The fight against child pornography was also a major concern of many member states.
But Germany supported far more robust privacy rules, with fewer exceptions.
In the approved text, member states agreed that service providers are allowed “to safeguard the prevention, investigation, detection or prosecution of criminal offences”.
In addition, companies such as Facebook and Google, can continue to process metadata of their users, but only with consent and if the information is made anonymous.
The final text also lent support to the advertising industry and abandoned a plan to ban so-called cookies that closely track user activity online.
The proposal updates existing EU rules that date back to 2002, under which strict privacy protection is only applied to text messages and voice calls provided by traditional telecoms, sparing tech giants.
Portugal will now negotiate with the European Parliament on a final version of the plan, that would then need ratification by MEPs and the 27 member states.
But the lead parliament’s rapporteur overseeing the negotiation warned that the talks would be rigorous.
“It is to be feared that the industry’s attempts to undermine the directive over the past years have borne fruit — they’ve had enough time to do that,” Birgit Sippel, a German MEP from the centre left S&D group, said.
“We must now analyse in detail whether the proposals of the member states really contribute to better protecting the private communication of users online, or instead primarily serve the business models of some digital corporations.”
Related: EU Court Opinion Leaves Facebook More Exposed Over Privacy
Related: Facebook Says EU Antitrust Probe Invades Employee Privacy
