European Data Protection Supervisor
European Data Protection Supervisor

e-Privacy

e-Privacy

Thursday, 10 April, 2008
10
Apr
2008

e-Privacy

Opinion on the Proposal for a Directive amending, among others, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ C 181, 18.07.2008, p. 1

The EDPS adopted an opinion on the European Commission's proposal amending, among others, the Directive on Privacy and electronic communications (usually referred to as the ePrivacy Directive).

On the whole, the EDPS supports the Commission's drive to enhance the protection of individuals' privacy and personal data in the electronic communications sector. He particularly welcomes the proposed creation of a mandatory security breach notification system and the possibility for legal persons (e.g. consumer associations and Internet service providers) to take legal action against spammers. The clarification regarding the inclusion of a number of RFID applications in the scope of application of the Directive also represents a significant progress.

The EDPS however feels that the opportunity of this review should be used to its full potential so as to ensure that the proposed changes provide for a proper protection of personal data and privacy. He calls for further improvements to the Directive that should include the following:

  • security breach notification: the obligation to notify any breach of security should not only apply to providers of public electronic communication services in public networks but also to other actors, especially to providers of information society services which process sensitive personal data (e.g. online banks and insurers, on-line providers on health services, etc.);
  • scope of the Directive: the Directive should broaden its scope of application to include providers of electronic communication services also in mixed (private/public) and private networks;
  • right of action against spammers: the new possibility given to legal persons to take action against those who infringe spam provisions should be extended to cover infringement to any provision of the ePrivacy Directive.
COM(2007) 698 final of 13.11.2007PDF icon