Digital Agenda for Europe
A Europe 2020 Initiative

Online privacy

EU rules ensure the privacy of your online communications.

When you access the web, you often entrust vital personal information, such as your name, address, and credit card number, to your Internet Service Provider and to the website you are using. What happens to this data? Could it fall into the wrong hands? What rights do you have with regard to your personal information?

Common EU rules have been established to ensure that personal data enjoy a high standard of protection everywhere in the EU. Since 2009, new requirements have been introduced and implemented by the Commission.

The EU Data Protection Directive ensures that personal data can only be gathered under strict conditions and for legitimate purposes. Organisations that collect and manage your personal information must also protect it from misuse and respect certain rights. In 2012, the Commission proposed a major reform of the EU legal framework on personal data protection. The new proposals strengthen individual rights and tackle the challenges of globalisation and new technologies.

The ePrivacy Directive (Directive on Privacy and Electronic Communications) builds on the EU telecoms and data protection frameworks to ensure that all communications over public networks maintain a high level of privacy, regardless of the technology used. This Directive was updated in 2009 to provide clearer rules on customers' rights to privacy. In particular, new requirements were introduced on data such as "cookies" and on personal data breaches:

Informed consent for "cookies" and other devices

The new rules require Member States to ensure that users grant their consent before cookies (small text files stored in the user's web browser) are stored and accessed on computers, smartphones or other devices connected to the Internet. The Commission has encouraged the media and the advertising industry to develop codes of conduct to implement new user-friendly rules, provided they comply with the legal requirements of the Directive.

Personal data breaches

Telecom operators and Internet Service Providers possess a huge amount of customer data, which must be kept confidential and secure. However, sensitive information can sometimes be stolen, lost, or illegally accessed. The new rules set out by the Commission ensure that the provider reports any "personal data breach" to the national authority and informs the subscriber or individual directly of any risk related to personal data or privacy. The Commission is currently preparing additional rules to make sure that personal data breaches are reported in a consistent way across the EU.

Please consult also the List of National Competent Authorities.

Please see also the European Commission websites on Data Protection.

Data Protection for RFID applications

Radio Frequency Identification Devices (RFID) are increasingly used in ticketing, healthcare, banking, logistics, electronic identity, retail and many other sectors, and they create privacy risks. With the adoption of EU-wide norms for RFID applications in June 2014, the EU Commission has completed the actions specified in the EU Recommendation on RFID applications released in 2009.

The EU norm on information signs will inform citizens when RFIDs are present, and the privacy impact assessment (PIA) process framework will help developers, retailers and other RFID application users comply with EU data protection legislation.

Please see also the related press release.

Last updated on 18/03/2015

