Vie privée et communications électroniques
Avis sur la proposition de directive modifiant, entre autres, la directive 2002/58/CE concernant le traitement des données à caractère personnel et la protection de la vie privée dans le secteur des communications électroniques (directive "vie privée et communications électroniques"), JO C 181, 18.07.2008, p. 1
The EDPS adopted an opinion on the European Commission's proposal amending, among others, the Directive on Privacy and electronic communications (usually referred to as the ePrivacy Directive).
On the whole, the EDPS supports the Commission's drive to enhance the protection of individuals' privacy and personal data in the electronic communications sector. He particularly welcomes the proposed creation of a mandatory security breach notification system and the possibility for legal persons (e.g. consumer associations and Internet service providers) to take legal action against spammers. The clarification regarding the inclusion of a number of RFID applications in the scope of application of the Directive also represents a significant progress.
The EDPS however feels that the opportunity of this review should be used to its full potential so as to ensure that the proposed changes provide for a proper protection of personal data and privacy. He calls for further improvements to the Directive that should include the following:
- security breach notification: the obligation to notify any breach of security should not only apply to providers of public electronic communication services in public networks but also to other actors, especially to providers of information society services which process sensitive personal data (e.g. online banks and insurers, on-line providers on health services, etc.);
- scope of the Directive: the Directive should broaden its scope of application to include providers of electronic communication services also in mixed (private/public) and private networks;
- right of action against spammers: the new possibility given to legal persons to take action against those who infringe spam provisions should be extended to cover infringement to any provision of the ePrivacy Directive.