The European Parliament recently endorsed the European Union's telecoms reform proposals. This reform proposed by the European Commission in November 2007 consists of various different EU directives that set up the legal framework applicable to the electronic communications sector, including revisions to the e-Privacy Directive (2002/58/EC).

The new provisions of the e-Privacy Directive will strenghten the protection of privacy and personal data in the electronic communications sector. The goal of the amended e-Privacy Directive is to enhance information security and increase the enforcement powers of the competent national authorities of the member states.

The e-Privacy Directive deals with providers of publicly-available electronic communication services such as telecom operators, mobile phone communication service providers, internet access providers, providers of the transmission of digital TV content, and other providers of electronic communication services.

A major revision to the e-Privacy Directive is the inclusion of a duty for such service providers to report data security breaches to their competent national authority. For the first time in the EU, a framework for mandatory notification of personal data breaches has been set in place. Any such communications provider involved in an individual's personal data being compromised must inform the authorities if the breach is likely to adversely affect the individual.

Examples of such personal data breaches would include instances where there could be risks of identity theft, fraud, humiliation or damage to reputation. The notification to the authorities will need to include recommended measures to avoid or reduce such risks.

The new directive also revises provisions relating to the deployment of cookies and other tracking devices on end-user equipment. The legislative amendments provide reinforced protection against interception of users' communications through the use of spyware and cookies stored on a user's computer or other device.

In addition, the e-Privacy Directive enhances the individual's right of action against spam or unsolicited emails, by providing the possibility for any person negatively affected by spam, including ISPs, to bring effective legal proceedings against spammers.

These amendments are intended to have full effect given the strengthened enforicement powers vested in national data protection authorities by virtue of the said directive. These authorities will be able to order breaches of the law to stop immediately and will have improved means of cross-border cooperation.

The new provisions will certainly bring vital improvements in the protection of the privacy and personal data of all Europeans active in the online environment. These measures were required since new advances in technology require parallel improvements in privacy laws. Indeed, more crackdowns on breaches of data protection by the EU are expected to be set in motion in the near future.

Dr Grech is an associate with Guido de Marco & Associates and heads its European law division.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.