Jan Philipp Albrecht says one of his priorities is tough new rules on encryption. Photograph: Bodo Marks/EPA
The early proposals are understood to be a long way from a final legal text, which is not expected until the end of the year. The draft law will then have to go through the EU legislative machine, agreement by the 28 EU member states, including the UK, and the European parliament.
Albrecht said one of his priorities was tough new rules on encryption. The Edward Snowden revelations had made it clear that every communication needs to be end-to-end encrypted, he said.
Snowden, a former US contractor, handed a trove of documents to the Guardian and other newspapers that revealed how US and British intelligence had cracked the online encryption used by millions of people to secure their personal data.
The latest regulatory drive has rung alarm bells in the tech industry, as the new privacy proposals come hot on the heels of a significant new data privacy law agreed in June.
TechUK, an industry group that represents 900 internet companies, including Facebook and Microsoft, urged the commission to think carefully about the evidence of harm and the powers it already has at its disposal.
Charlotte Holloway, the director of policy at TechUK, said new regulations could have unintended effects far beyond OTT services and could spill into other areas, such as connecting devices to the internet. Its not just OTT messaging apps that could be affected in such a move, but new and emerging areas such as the internet of things and smart city technologies, she said. Commission officials must be vigilant to the unintended consequences of proposals which could undermine Europes future economic potential.
The UK, a critic of EU tech industry regulation, will have a say, but its voice will count for less following the Brexit vote.
Louise Bennett, the chair of security at the British Chartered Institute for IT, accused the EU of coming up with too many conflicting regulations and pointed to inconsistent loopholes under the latest plans, such as an exemption for Skype-to-Skype calls.
Trying to replicate regulations that were done for a completely different media in a completely different age is well-nigh impossible, she said, adding that the plans showed the gulf in views on internet regulation between the US and Europe.
There will never be total reconciliation between American views, where freedom of speech matters most, and European views, where privacy matters most.
The regulatory issues highlight the stark division between the technology sectors of Europe and the US. While the largest US technology firms, led by Apple and Googles parent, Alphabet, provide OTT services as part of their business, the largest European technology firms, such as Telefnica and Vodafone, are undercut by them.
Messaging is also seen as a saturated market, with little chance of a European entrant disrupting any of the big players. Of the 10 biggest messaging services by number of users, just one, Skype, was founded in Europe, but it is now owned by Microsoft.
The success or failure of OTT messaging services also has a strong bearing on national security issues worldwide. SMS messaging is almost entirely unencrypted and easily readable by law enforcement, but other messaging services vary in terms of their vulnerability to government agencies. WhatsApp and iMessage, for instance, enable end-to-end encryption by default on all messages, ensuring that even Facebook and Apple cannot access their content.
By contrast, Facebook Messenger only encrypts messages end-to-end if the user actively opts in to a private chat mode. As such, law enforcement bodies with an appropriate court order can easily access most messages sent through the service.
A European commission spokesperson said it was looking into the extent that people can consider OTT services to be functional substitutes for services provided by traditional telecoms operators and whether EU rules need to be adapted to better protect consumers.