Privacy Chief Adopts Opinion on Review of E-privacy Directive
April 15, 2008 // Published as a news service by IHS
| |
| Electronics & TelecomDocs |
IHS sells a full selection of standardsdocuments & collections from the industry's top organizations.
Tolearn more, and for a free quote, please complete the formbelow. |
|
The European Data Protection Supervisor (EDPS) adopted an opinion on a recent proposal by the European Commission (EC) that amended the directive on privacy and electronic communications (the so-called e-privacy directive).
The April 10 opinion from the EDPS stated that, overall, it supported the EC's drive to enhance the protection of individuals' privacy and personal data in the electronic communications sector.
In particular, it welcomed the proposed creation of a mandatory security breach notification system and the possibility for legal persons, such as consumer associations and Internet service providers, to take legal action against spammers.
The EDPS also said it welcomed the clarification to include a number of RFID (radio frequency identification device) applications to be within the directive's scope.
However, the EDPS stated it felt this review should be used to its full potential so as to ensure that the proposed changes effectively provide for proper protection of personal data and privacy.
Peter Hustinx of the EDPS said, "I welcome the approach followed by the proposal, which is in line with views expressed in previous opinions. However, the proposed amendments to the directive are not as ambitious as they should be. In dealing with new issues, such as the setting up of a mandatory security breach notification system, the proposal remains too restrictive in its scope."
In particular, the EDPS is calling for further improvements to the directive that should include the following:
- Security breach notification - The obligation to notify any breach of security should not only apply to providers of public electronic communication services in public networks, but also to other actors, especially to providers of information society services that process sensitive personal data (e.g., online banks and insurers and on-line providers of health services).
- Scope of the directive - The rising importance of semi-public and private networks in everyday life requires that such services be subject to the same set of rules as apply to public electronic communication services. Therefore, the directive should broaden its scope of application to include providers of electronic communication services also in mixed (private/public) and private networks.
- Right of action against spammers - The new possibility given to legal persons to take action against those who infringe on spam provisions should be extended to cover infringement of any provision of the e-privacy directive.
For more information, see the April 10 EDPS opinion.
Source: European Commission.