Subscribe to our RSS feedrss

EU Telecom Reform Enacts ePrivacy Directive

Source: European Commission
Posted on: 9th November 2009

ePrivacy Directive close to enactment: improvements on security breach, cookies and enforcement, and more to come

Following last week’s agreement on the EU telecoms reform, nothing stands in the way for the ePrivacy Directive to enter into force.

The formalities required for formal adoption will be undertaken in the coming weeks.

The revised ePrivacy Directive (*) , as amended by the European Parliament and adopted by the Council must be implemented by the Member States within 18 months.

The new provisions will bring vital improvements in the protection of the privacy and personal data of all Europeans active in the online environment.

The improvements relate to security breaches, spyware, cookies, spam, and enforcement of rules. The EDPS cooperated closely with the European Parliament, the Council and the European Commission on the legislative work leading to the final text (**) .

Peter Hustinx, EDPS, says: “I welcome the many improvements in the protection of privacy in the revised ePrivacy Directive. But it is now crucially important to broaden the scope of the security breach provisions to all sectors and further define the procedures for notification. Also, the new rules must be effectively enforced. I note in particular the emphasis on more effective enforcement of the rules on spyware and cookies. This has special relevance where privacy rights must be protected in relation to so called targeted advertising.”

The changes introduced include:

  • for the first time in the EU, a framework for mandatory notification of personal data breaches . Any communications provider or Internet service provider (ISP) involved in individuals’ personal data being compromised must inform them if the breach is likely to adversely affect them. Examples of such circumstances would include those where the loss could result in identity theft, fraud, humiliation or damage to reputation. The notification will include recommended measures to avoid or reduce the risks. The data breach notification framework builds on the enhanced provisions on security measures to be implemented by operators, and should stem the increasing flood of data breaches;
  • reinforced protection against interception of users’ communications through the use of – for example – spyware and cookies stored on a user’s computer or other device. Under the new Directive users should be offered better information and easier ways to control whether they want cookies stored in their terminal equipment;
  • the possibility for any person negatively affected by spam , including ISPs, to bring effective legal proceedings against spammers;
  • substantially strengthened enforcement powers for national data protection authorities. They will for example be able to order breaches of the law to stop immediately and will have improved means of cross-border cooperation.

Topics: , , , , , , , , , , , ,

Print This Article in Plain Text Print This Article in Plain Text


Receive the Gov Monitor Newsletter

Latest Headlines

In The News

New York Expidites Completion Of Brooklyn Bridge Park

Plan (MGPP) that will help to

Scotland Positions For Lead In Carbon Capture And Storage

A plan to position Scotland as

HHS Invests $61.2 Million For Florida Back To Work Program

Governor Charlie Crist today announced that

Florida Reduces Unemployment Compensation Tax For Businesses

Also announces $200 million in federal

New Jersey Governor Christie Goes After Wasteful Spending

Vetoes Minutes of Delaware River and