Navigation path: European Commission > Information Society

POLICIES :: eCommunications :: Preserving privacy, protecting personal data

Preserving privacy, protecting personal data

Modern information and communication technologies transfer, manipulate and store vast amounts of data about their users. This includes personal data which describes and digitally defines individuals and organisations, and allows them to interact with each other via an array of technologies including the internet. Ensuring that this data is effectively protected is a key goal for European regulation.

Every time you use a credit card or browse on-line you disclose some personal data. The growth of communications networks, including mobile voice and data, and the boom in commercial services and transactions using them has vastly increased this flow of personal data.

The misuse or abuse of personal data is of increasing concern to society. Identity theft – the use of another person’s personal data to illegally obtain goods or services – is a growing criminal problem. And often with crimes the victim is unaware that they have even been targeted until much later.

Personal space

In Europe the right of an individual to privacy is enshrined in the European Convention on Human Rights and Fundamental Freedoms. The principles of the Convention form the basis for the regulatory framework put in place to protect personal data, including EU legislation on data protection.

The Directive on Privacy and Electronic communications built on earlier EU directives to ensure that a high level of privacy is granted to all communications over public networks regardless of the technology used. Any communication method must guarantee confidentiality.

Public protection

The Directive sets an enforceable legal framework that guarantees the individual’s right to privacy. It achieves this by putting in place measures that should be respected by any organisation (including governments and businesses) which handles personal data and during the design and use of data processes.

It covers processing of personal data and the protection of privacy including provisions on:

• the security of networks and services
• the confidentiality of communications
• access to stored data
• processing of traffic and location data
• calling line identification
• public subscriber directories, and
• unsolicited commercial communications.

The essential criterion which allows data to be stored and processed by an organisation is the effective consent of the individual providing their data. The Directive covers any data which travel over public networks in Europe and therefore also encompasses any data or services which originate outside the EU.

Time and place

In addition to the personal data that forms the essence of our communication, our actual use of telecommunications networks produces additional personal data, equivalent to leaving ‘digital footprints’.

So-called traffic data describes communication activity and is necessary for effective service provision but it is also sensitive data which can be used to build a detailed description of a person’s lifestyle and activities. The Privacy and Electronic Communications Directive limits the storage of such information to that required for billing purposes only. The exceptions to this rule are when the consumer has explicitly consented to the use of this information for marketing or value-added services, or in response to a valid request from police or security services investigating a criminal offence under relevant national legislation. A specific Directive (Directive 2006/24/EC) has harmonised the retention of data for law enforcement purposed.

Location data may also be generated when using a telecommunication service. Location data generated in mobile applications is also personal data and could be used as an effective method of surveillance of individuals. Again the Directive requires that such data is only retained with the consent of the subscriber and the subscriber should have the possibility to block any tracking facility even if they have subscribed to a location-based service.

Exceptions exist for emergency services such as 112 and law enforcement authorities.

Home | News | Calendar | Library | RSS | XML | Search | Contact | Help