Go to main content
Important legal notice

EUROPA - Europe's Information Society Thematic Portal

Navigation path: European Commission > Information Society
Language navigation: en
Home | News | Calendar | Library | RSS | XML | Search | Contact | Help

Local menu

Alternate presentations: Default layout Alternate layout, printer-friendly and allows font resizing

POLICIES :: eCommunications

Privacy Protection

Directive 2002/58/EC on Privacy and Electronic communications had to be transposed in national law by the Member states by 31 October 2003 at the latest.
This section explains what the directive aims to achieve.

Privacy can be described as the power to control what others can come to know about you and to determine the entry rules for your own private space. As technological possibilities to collect, store, analyze and distribute information about virtually every aspect of an individual's life have become almost unlimited, this power risks being greatly diminished. Especially in today's public communication networks, that include not only fixed telephone networks but also mobile networks and the Internet, personal information can be transferred with great ease and even largely invisibly. An intrusion in your home will in most cases entail a risk and an effort for the perpetrator and leave traces such as a broken window or lock. Gaining access to your PC or mobile communicator once it's connected to the Internet, is fairly easy and at little risk for anyone with a motive and can remain largely undetected unless you are a computer expert.

However, while advanced technology creates problems for the protection of privacy, it can also provide a large part of the solutions. Networks, hardware and software can and should be designed, or redesigned, to put the user in control of his own personal information and his private sphere. But given the considerable commercial and state interests in the collection of personal data, this will only happen with a clear, enforceable legal framework guaranteeing the individual's right to privacy and regulating the measures to achieve it.

Within Europe, the individual's right to privacy is firmly embedded in the European Convention on Human Rights and Fundamental Freedoms  of 1950. From there it has found its way into the constitutions of European States. The operational measures to put the right to privacy into practice were left to the individual states.

However, with the development of large scale automatic data processing systems, the need to address the treatment of personal data within such systems became apparent. In 1981 the Council of Europe adopted Convention 108 for the protection of individuals with regard to the automatic processing of personal data and in 1995 the EU adopted Directive 95/46/EC  on the processing of personal data. This Directive established the basic principles for the collection, storage and use of personal data that should be respected by governments, businesses and any other organizations or individuals engaged in handling personal data. The Directive also created a working party consisting of the independent national data protection authorities in the Member States. More information about the general directive and the working party can be found on the data protection webpages of DG JLS .

In 1997 the EU adopted a specific Directive 97/66/EC on the protection of privacy and the processing of personal data in the telecommunications sector, translating the principles of the General Data Protection Directive for a number of specific privacy issues related to public telecommunication networks and services.

As part of the new regulatory framework for the electronic communications sector, the 1997 Directive has been updated to take account of technological developments and to ensure that the same level of privacy protection will be granted for all communications over public networks regardless of the technology used. The new Directive 2002/58/EC on the processing of personal data and the protection of privacy in the electronic communications sector includes provisions on security of networks and services, confidentiality of communications, access to information stored on terminal equipment, processing of traffic and location data, calling line identification, public subscriber directories and unsolicited commercial communications. The Directive had to be transposed in national law by 31 October 2003 at the latest.

The European Commission has adopted on 21 September 2005 a proposal for a Directive on the retention of communications traffic data ( DE / FR ). The proposal provides for an EU-wide harmonisation of the obligations on providers of publicly available electronic communications, or a public telecommunications network, to retain data related to mobile and fixed telephony for a period of one year, and internet communication data, for six months.  The Directive adopted by the European Parliament and the Council on 15 March 2006 provides for the principle of a retention period between six months and two years.  The text can be accessed here ( DE / FR ).



On 25 March 2006 the Article 29 Data Protection Working Party has adopted an Opinion on the data protection Directive (Opinion 3/2006, WP 119), which advises on safeguards that Member States should follow when transposing the Directive.  The document can be accessed here. (The Article 29 Data Protection Working Party is an independent and advisory body which brings together 'data protection authorities' in the EU. More background information on the Working Party is available here.)


 

Frequently asked questions

Back to top

Last update: 21/02/2007

 
Home | News | Calendar | Library | RSS | XML | Search | Contact | Help