FAQ
Frequently Asked Questions in the field of:
Protecting Privacy
Scope
The Privacy and Electronic Communications Directive deals
with public communications services and networks.
Does this mean that its provisions are only applicable to providers of such
services and networks?
The Privacy and Electronic Communications Directive applies to the
processing of personal data in connection with the provision of public
electronic communication networks and services and thereby requires the Member
States to create obligations for anyone involved in the forms of processing
addressed by the Directive. For instance, Article 5(1) on confidentiality must
lead to a prohibition for anyone to practice interception or surveillance of
private communications between others over public communication networks.
Article 5(2) on the use of spyware will cover anyone trying to gain access to
someone else's computer. Article 13 on unsolicited commercial communications
concerns anyone engaged in direct marketing activities over a public
communications network.
Third country aspects
Does the Directive have extra-territorial effect?
The scope of the
directive covers the processing of personal data in connection with the
provision of publicly available electronic communication networks and services
in the Community. This implies that, for instance, the provisions regarding
unsolicited commercial communications apply to all communications received over
public networks within the EU and should also be respected by senders of such
messages established outside the EU but addressing recipients within the EU.
Similarly, the confidentiality requirement is also applicable with regard to
interception or surveillance of communications terminating on EU networks by
persons outside the EU. Obviously, the enforcement of these provisions with
regard to persons operating from outside the EU may be more difficult and
international cooperation is needed to address such cross border cases.
Law enforcement
How wide is the margin for Member States to deviate from the requirements
of the Directive for the purpose of national security, defense and investigation
and prevention of crime?
Article 15(1) of the
Privacy and Electronic Communications Directive allows Member States to
restrict certain rights and obligations as included in the directive (namely
confidentiality of communications, limitations on the processing of traffic and
location data and withholding of calling line identification) provided that such
restrictions a) are based on national legislative acts (e.g. restrictions cannot
be based on voluntary agreements or on ministerial guidelines etc.), b) are
necessary to safeguard national security, defense, public security or are
necessary for the investigation or prevention of crime or of unauthorized use of
electronic communication systems (e.g. general tax purposes are not an
acceptable ground for restrictions in this context) and c) constitute an
appropriate and proportionate measure within a democratic society. These
criteria are directly derived from case law established by the European Court of
Human Rights in respect of Article 8 of the
European Convention of Human Rights and Fundamental Freedoms which forms the
basis of EU data protection and privacy legislation. In its case law the Court
in Strasbourg has generally taken a restrictive line on national measures
deviating from fundamental rights and freedoms. The exact margins for Member
States beyond the criteria enumerated above are not determined by the
Directive.
On 21 September the European Commission adopted a
proposal for a Directive on the retention of communications traffic data.
The proposal provides for an EU-wide harmonisation of the obligations
on providers of publicly available electronic communications, or a public
telecommunications network, to retain data related to mobile and fixed telephony
for a period of one year, and internet communication data, for six months.
Software and hardware
Does the Privacy and Electronic Communications Directive also deal with
privacy threats that arise from software and hardware used for communications?
The
Directive does not directly address the design of software and hardware used
for communication services. Nevertheless, it is recognized that the
functionalities for the provision of electronic communications services may be
integrated in the network or in any part of the terminal equipment of the user,
including the software and that the protection of the privacy of the user should
be independent of the various components that constitute the service. At present
there are no specific EU data protection rules for software and hardware and
manufacturers of such products would be required to comply with general data
protection rules under
Directive 95/46/EC. Moreover, if this is considered necessary,
Directive 1999/5/EC on radio and telecommunications terminal equipment
empowers the European Commission to adopt measures ensuring that terminal
equipment, hard- or software, is constructed in a way that is compatible with
the right of the user to protect and control their personal data, as is set out
in Article 14(3) of the
Privacy and Electronic Communications Directive.
Does the opt-in cover e-mail originating from outside the EU as well?
The
Privacy and Electronic Communications Directive covers all processing of
personal data in connection with the provision of public electronic
communications networks and services in the Community. This means that all
communications sent from or received on a public network within the EU are
covered by the provisions, including the new opt-in rule.
In practice it will be more difficult to undertake action against unsolicited
commercial e-mail from outside the EU. Modalities for cooperation with
authorities in third countries will need to be developed.
The Directive states that within an existing customer relationship direct
marketing messages may be sent without prior consent for "similar products or
services". What does this mean?
The concept of similar products and services as those originally bought by the
customer is not further defined. However, the same provision includes two
further safeguards, namely that the data may only be used by the same company
that has established the relationship with the customer and that each message
must include an opt-out. It is therefore expected that the company has a strong
interest not to abuse the notion of 'similar products or services' and that, in
this case, the customer is in a good position to stop marketing messages should
such abuse occur.
I receive numerous e-mail messages trying to sell me products and services
I have never asked for. What can I do?
If the unsolicited message comes from a company with a reputation to lose and if
the message includes a return address, you may consider complaining directly to
the sender of the message. You can point out that it is illegal to send
unsolicited commercial messages without prior consent of the addressee, unless
the e-mail address was obtained in the context of a prior sale (see above).
However, in cases of senders who knowingly break the rules, requests to stop may
have the perverse effect of triggering even more unsolicited messages.
You can also contact the data protection authority in your country for legal
advice and assistance about the best way to get your right to privacy enforced.
Finally, you may want to check with your internet access service provider
whether they provide anti-spam filtering services or whether they can recommend
filtering software.
Last update: 21/02/2007