European privacy laws work to scammers’ advantage

Privacy laws are wonderful. They protect our personal data from being shared with everyone from marketers to the government. But there is a downside. In the European Union, strict telecommunications privacy laws are also preventing phone carriers from properly protecting their subscribers from fraud and nuisance calls.

The problem with European Union telecommunications laws

What are these privacy laws? They are not GDPR, the General Data Protection Regulation that applies broadly to all services available to EU residents. GDPR rules allow flexibility in their application to protect users from fraud.  

At issue are older laws such as the ePrivacy Directive, short for the Privacy and Electronic Communications Directive 2002/58/EC, and the implementation of this directive in EU member countries. The directive sets rules for communications confidentiality and protection of personal data in communications — whether communication be over the internet, via email, or over the phone. Rules in the ePrivacy Directive specifically limit what carriers can do with “call traffic data” — the basic information about a phone call that is taking place, such as phone numbers, time and duration of call, and routing of a call on the telecommunications providers’ infrastructure. However, this is some of the same data that spam protection services use to stop nuisance and fraudulent calls. Carriers are only allowed to use call traffic data to:

  1. Bill the customer.
  2. Protect the phone network from physical harm (such as a danger that would harm the telecommunications equipment).
  3. Complete the phone call.

If carriers want to do anything else with the call traffic data, they need to have permission from both the calling party and the receiving party. You can see the problem. It may not be difficult for carriers to get permission from the receiving party (their customers) to process their call data in order to stop spam calls, but they’re never going to get permission from the calling party (the scammers). The way the telecommunications laws are currently written, carriers can’t even look at the calling party’s number in order to prevent fraud.

Competing directives

On the other hand, phone carriers are being pressed by other regulators — and subscribers — to crack down on telecommunications fraud. Carriers are faced with competing directives: regulators and subscribers want carriers to stop fraud calls, while EU telecommunications laws state that they can’t use call traffic data, even data about callers that originate outside their network, which data is necessary to prevent fraud and nuisance calls.

But carriers should have the right — even the obligation — to protect their subscribers. They should be allowed to not only protect their networks from physical harm (#2 above) but they should be able to protect their networks from fraud being perpetuated on their customers through their networks.

What’s the solution?

So, what’s the solution? One option is to wait for the telecommunications laws to change. However, that could take years. And in the meantime, more and more subscribers will be defrauded and more money will be lost by victims of phone fraud.

Another option is to offer a mobile app that subscribers download onto their device. When a subscriber downloads a mobile app, the app asks for permission to use their calling data to prevent fraud. Because it is the user, and not the carrier, providing their call data for analysis, the e-Privacy Directive’s limitation on traffic data use does not apply.  Hiya has been successful in this regard in helping several European carriers develop spam prevention apps for their subscribers’ adoption. For example, Hiya’s call protection services are being used in consumer apps offered to Telenor subscribers in Norway and Pepephone subscribers in Spain.

The downside of spam-fighting mobile apps is that users have to download them and turn them on, which results in relatively low uptake of the service. Hiya’s latest State of the Call report shows that fewer than half of all survey respondents in Spain, France, Germany, and the UK have downloaded call protection apps.  

The best option is to integrate call protection right into the carriers’ network, something that Hiya does in the U.S., Canada, and the UK. Network integration offers the highest level of protection and is turned on for all subscribers without requiring them to download and manage an app. Thanks to AI and other emerging technology, scammers are finding more efficient ways to do a better job of scamming people — at Hiya we believe that carriers should be able to use these same tools to fight back and protect the voice channel.

If you would like to learn more about Hiya’s call protection services, we would be happy to answer any questions or provide a demo. Simply contact the European business development team by emailing carriers@hiya.com.