Second Opinion by EDPS on ePrivacy Directive Calls for More Safeguards
January 13, 2009 // Published as a news service by IHS
| |
| Electronics & Telecom Tools |
IHS sells flexible standards collections and software to maximize your workflow.
To learn more, and for a free quote, please complete the form below. |
|
| |
On Jan. 9, the European Data Protection Supervisor (EDPS) adopted a second opinion on the review of the Directive on Privacy and Electronic Communications (directive 2002/58/EC), usually referred to as the ePrivacy Directive.
This opinion follows a first EDPS opinion, in which recommendations were made to help ensure that the proposed changes to the directive effectively provide for the best possible protection of personal data.
This second opinion comes as a response to the European Council's common position which, on a number of critical points, fails to endorse some of the data protection safeguards proposed by the European Parliament and the European Commission (EC), or previously recommended by the EDPS.
The recommendations presented in this second opinion aim at streamlining some of the provisions of the directive, while at the same time ensuring an adequate level of data protection and privacy.
In particular, the opinion focuses on the provisions relating to the setting up of a mandatory security breach notification system, for which the EDPS believes there is still some room for improvement.
"The full benefits of security breach notification will be best realized if the legal framework is set right from the outset," said EDPS Peter Hustinx.
"To this end, the Parliament and the Council will need to meet the challenge of determining the proper standard setting forth the conditions for notification and ensuring that the appropriate processes are put into effect."
"Citizens will expect such a system to apply not only to their Internet access providers, but also to their on-line banks and on-line pharmacies," Hustinx stated.
The second opinion also includes a number of recommendations covering the following issues:
- Scope of application: The EDPS supports the European Parliament's approach to broaden the scope of application of the directive to include publicly accessible private networks in the European Community. It recommends to further clarify the types of services that would be covered by the broadened scope.
- Processing of traffic data for security purposes: The EDPS considers the new article introduced by the European Parliament - and maintained by the European Council's common position and the EC's amended proposal - legitimizing the collection of traffic data for security purpose as being unnecessary.
In the EDPS view, such a provision may be subject to risk of abuse, especially if adopted in a form that does not include the necessary data protection safeguards.
- Right of action against infringements to the directive: The EDPS calls upon the EC and the council to endorse the provision introduced by Parliament that gives the possibility to legal entities, such as consumer associations, to bring legal action against infringements of any provisions of the directive.
The EDPS is hopeful that, as the review of the directive continues to make its way through the legislative process, new amendments will be adopted in accordance with the above recommendations with a view to restoring the necessary data protection safeguards.
Further information
For more information, see:
Source: European Commission.