The European Data Protection Supervisor (EDPS) has recommended that future data protection laws in Europe should include strong protections for end-to-end encryption, including a complete ban on ‘back-doors’.
In his Preliminary EDPS Opinion on the review of the ePrivacy Directive, published last Monday, Giovanni Buttarelli wrote:
The EDPS recommends that the new provisions for ePrivacy clearly allow users to use end-to-end encryption (without 'back-doors') to protect their electronic communications. The EDPS further recommends, as also suggested by the WP29, that decryption, reverse engineering or monitoring of communications protected by encryption should be prohibited.
Providing back-doors into encrypted communications should be specifically prohibited, wrote the EDPS:
[T]he new legal instrument for ePrivacy [should] specifically prohibit encryption providers, communications service providers and all other organisations (at all levels of the supply chain) from allowing or facilitating 'back-doors'.
Buttarelli’s recommendations, if followed by the Commission, could have important implications for measures in the UK’s Investigatory Powers Bill aimed at providing back-doors into encrypted communications. Despite Brexit, the UK is likely to find itself having to conform to much of European data protection legislation if it wants to provide digital services to European users.
For more information, see: Encryption backdoors appear on EU data chief’s ban wishlist – Ars Technica