Communications électroniques, société de l’information

Deuxième avis relatif au réexamen de la directive 2002/58/CE concernant le traitement des données à caractère personnel et la protection de la vie privée dans le secteur des communications électroniques (directive "vie privée et communications électroniques"), JO C 128, 06.06.2009, p. 28

This Opinion follows upon a first EDPS Opinion, as well as Comments, in which recommendations were made to help ensure that the proposed changes effectively provide for the best possible protection of personal data.

This Second Opinion comes as a response to the Council's Common Position which, on a number of critical points, fails to endorse some of the data protection safeguards proposed by the European Parliament and the European Commission or previously recommended by the EDPS. The recommendations presented in this Opinion aim at streamlining some of the provisions of the Directive, while at the same time ensuring an adequate level of data protection and privacy.

The Opinion particularly focuses on the provisions relating to the setting up of a mandatory security breach notification system for which the Supervisor believes there is still some room for improvement.

EDPS Comments on selected issues that arise from the IMCO report on the review of Directive 2002/22/EC (Universal Service) & Directive 2002/58/EC (ePrivacy)

Avis sur la proposition de décision instituant un programme communautaire pluriannuel visant à protéger les enfants lors de l'utilisation de l'Internet et d'autres technologies de communication, JO C 2, 7.01.2009, p. 2

Avis sur la proposition de directive modifiant, entre autres, la directive 2002/58/CE concernant le traitement des données à caractère personnel et la protection de la vie privée dans le secteur des communications électroniques (directive "vie privée et communications électroniques"), JO C 181, 18.07.2008, p. 1

The EDPS adopted an opinion on the European Commission's proposal amending, among others, the Directive on Privacy and electronic communications (usually referred to as the ePrivacy Directive).

On the whole, the EDPS supports the Commission's drive to enhance the protection of individuals' privacy and personal data in the electronic communications sector. He particularly welcomes the proposed creation of a mandatory security breach notification system and the possibility for legal persons (e.g. consumer associations and Internet service providers) to take legal action against spammers. The clarification regarding the inclusion of a number of RFID applications in the scope of application of the Directive also represents a significant progress.

The EDPS however feels that the opportunity of this review should be used to its full potential so as to ensure that the proposed changes provide for a proper protection of personal data and privacy. He calls for further improvements to the Directive that should include the following:

• security breach notification: the obligation to notify any breach of security should not only apply to providers of public electronic communication services in public networks but also to other actors, especially to providers of information society services which process sensitive personal data (e.g. online banks and insurers, on-line providers on health services, etc.);
• scope of the Directive: the Directive should broaden its scope of application to include providers of electronic communication services also in mixed (private/public) and private networks;
• right of action against spammers: the new possibility given to legal persons to take action against those who infringe spam provisions should be extended to cover infringement to any provision of the ePrivacy Directive.

Durant sa troisième année d'activités, le CEPD a continué à s'investir dans l'implantation d'une culture avancée de la protection des données dans les institutions et organes européens. Depuis 2004, 150 contrôles préalabes de traitements à risques et 25 avis sur des propositions de législation ont été publiés. Le temps est venu pour le CEPD d'élargir ses activités de supervision, de commencer des inspections et de mesurer les résultats.