Justin Sullivan/Getty Images
Under a proposal presented by the European Union executive on Tuesday, the web companies would have to guarantee the confidentiality of their customers' conversations and get their consent before tracking them online to target them with personalized advertisements.
For example, email services such as Gmail and Hotmail will not be able to scan customers' emails to serve them with targeted advertisements without getting their explicit agreement.
This could have a significant impact: Most free online services, of course, are reliant on advertising to fund themselves. Everyone from Google to Facebook uses ad dollars to be able to provide their apps and services to users free of charge.
As such, it's a huge industry. Spending on online advertising in 2015 was 36.4 billion euros, according to the Internet Advertising Bureau (IAB).
Europe says it's just closing a regulatory gap
The proposal by the European Commission extends some rules that now apply to telecom operators to web companies offering calls and messages using the internet, known as "Over-The-Top" (OTT) services, and seeks to close a perceived regulatory gap between the telecoms industry and mainly U.S. Internet giants such as Facebook, Google and Microsoft.
It would allow telecoms companies to use customer metadata, such as the duration and location of calls, as well as content to provide additional services and so make more money, although the telecoms lobby group ETNO said they remain more constrained than their tech competitors.
The proposal also streamlines Europe's much maligned "cookie" laws. Currently, sites have to ask users when they first visit whether they consent for the site to place a cookie - a bit of tracking data that can remember the users' preferences and settings (their shopping basket when not logged in, for example). The new rules would require web browsers to ask users upon installation whether they want to allow websites to place cookies on their browsers to deliver personalized advertisements.
A previous version of the proposal would have forced browsers to set the default settings as not allowing cookies at all.
Companies could face big fines if they don't comply
Some online advertisers have reacted with alarm, arguing that such rules would undermine many websites' ability to fund themselves and keep offering free services.
"It will particularly hit those companies that ... find it most difficult to talk directly to end users and what I mean by that is tech companies that operate in the background and sort of facilitate the buying and selling of advertising rather than the ones that the user directly engages with," said Yves Schwarzbart, head of policy and regulatory affairs at the IAB.
But the CEO of advertising tech company Appnext, whose revenues come entirely from advertising spending, said the new rules would bring clarity and would not have a significant impact on business models or revenue.
"There is no doubt that it is time for the entire ecosystem to become more transparent and fair to all of the stakeholders. Users want easy access to trustworthy sources of information while feeling safe with the data they share," Elad Natanson said.
Companies falling foul of the new law will face fines of up to 4.0 percent of their global turnover, in line with a separate data protection law set to enter into force in 2018.
The proposal will need to be approved by the European Parliament and member states before becoming law.