By Andreea Belu
  • In the digital space, “postal services” often snoop into your online conversations in order to market services or products according to what they find out from your chats.
  • A law meant to limit this exploitative practice is stalled by the Council of European Union

We all expect our mail to be safe in the hands of a mailman. We have confidence that both the post office and the mailmen working there will not take a sneak-a-peak into our written correspondence. Neither we expect mailmen to act like door-to-door salespersons.

When we say “postal services” snoop, it is important to understand that this refers to both traditional mail services such as Yahoo, but also instant messaging apps like WhatsApp. While targeted ads are no longer popular among mail providers, the practice is gaining momentum in the instant messaging zone after Facebook’s CEO announced plans to introduce ads on WhatsApp’s Status feature.

Not just shoes ads

You might think: ”Well, what’s the harm in having shoes advertised after they’ve read the shopping chats between my friend and me?”. Short answer: it’s not just shoes.

Often targeted ads are the result of you being profiled according to your age, location, gender, sexual orientation, political views or ethnicity. You will receive jobs ads based on your gender, or housing ads based on your ethnicity. Sometimes, you may be targeted because you feel anxious or worthless. Are you sure all of these will benefit you? More, your online mailman might be required to read all of your mail, just in case you get in trouble with the law in the future. We call this mass data retention.

Click to watch the animation

The need for encrypted mail in storage *and* in transit

The WhatsApp case is a good example. Currently, WhatsApp seals the message right after you press “send”. The message goes to WhatsApp’s servers, is stored encrypted, and then sent to its recipient, also encrypted. This means that, technically, the mail is encrypted both in storage and in transit and nobody can reads its content. However, as Forbes points out, future ads plans might modify WhatsApp’s encryption so that they “first identify key words in sentences, like “fishing” or “birthday,” and send them to Facebook’s servers to be processed for advertising, while separately sending the encrypted message.

There’s a law for it, but it’s stalled by the EU Council

The ePrivacy Regulation, which is currently under negotiation, is aimed at ensuring privacy and confidentiality of our electronic communications, by complementing and particularising the rules introduced by the General Data Protection Regulation (GDPR). The EU Parliament adopted a good stand for ePrivacy that would ensure your online messages are protected both in storage and in transit (Art.5), that would consider “consent” as the only legal basis for processing data (Art 6), that would make privacy–by–design and privacy–by–default core principles in software design (Art. 10), and that would protect encryption from measures aimed at undermining it (Art. 17). However, the Council of the European Union is yielding under big tech lobby pressure and drafted an opinion that threatens our rights and freedoms. More, the text adopted by the EU Parliament in October 2017 has been stuck in the EU Council, behind closed-door negotiations for soon two years. We have sent several letters (here, here and here) calling for the safeguarding our communications and for the adoption of this much needed ePrivacy Regulation.

Will our voices be heard? If you are worried about being targeted based on your private conversations, join our efforts and stay tuned for more updates coming soon.


Read more:

Your family is none of their business (23.07.2019)
https://edri.org/your-family-is-none-of-their-business/

Real-time bidding: The auction for your attention (4.07.2019)
https://edri.org/real-time-bidding-the-auction-for-your-attention/

e-Privacy Directive: Frequently Asked Questions
https://edri.org/epd-faq/

e-Privacy: What happened and what happens next (29.11.2017)
https://edri.org/e-privacy-what-happened-and-what-happens-next/

e-Privacy Mythbusting (25.10.2017)
https://edri.org/files/eprivacy/ePrivacy_mythbusting.pdf