In association with heise online

« previous | next »
26 June 2008, 15:49

MEPs adopt draft "e-privacy directive" reforms

The European Parliament's Standing Committee on Civil Liberties, Justice and Home Affairs has today, Wednesday the 25th of June, spoken out for a series of corrections to the European Commission's controversial proposals for amending the Directive on Privacy and Electronic Communications. The MEPs are arguing for measures including a procedure for informing users, in the event of security breaches at service providers and better protection from surveillance, using means such as cookies and trojans.

Rapporteur for the project Alexander Alvaro (FDP) told heise online, "We have introduced a few points directed towards better consumer protection and manageability." This will "improve data protection overall and bring it in line with the changed situation" since the introduction of the e-privacy directive six years ago.

The most heavily disputed aspect of the data protection portion of the planned new regulatory package 107587 for telecommunications, is the collection of personal data such as IP addresses. The home affairs committee has agreed on a compromise on this point. They consider that online identity should be specifically viewed as an item of personal information worthy of special protection where it can, in combination with other information, be related to an individual. This is accompanied by a demand that the European Commission should, after consultation with EU data protection officials, submit specific draft legislation for treating IP addresses as personal data within the next two years.

Data protection officials, such as German data protection commissioner Peter Schaar, have expressed concern over a supplement to Article 15 of the electronic data protection directive introduced by Alvaro. The provision currently allows member states to enact their own legislation to relax protection of connection and location data, for reasons such as public security and the prevention, detection and prosecution of criminal acts, or the illegal use of electronic communications systems. Alvaro proposed that the clause should also apply where rights of ownership were infringed. This proposal failed to achieve a majority.

Alvaro, a member of the Liberal grouping in the European Parliament, did succeed in getting other proposals passed in full, or in part. The directive will therefore in future apply to publicly accessible private telecommunications networks. This could include university networks or social networks such as StudiVZ or Facebook. Companies offering applications that attempt to access personal data on hard drives, or other IT systems, such as USB flash drives, will have to obtain the user's consent beforehand under an opt-in principle.

According to Alvaro, however, setting your browser to accept cookies would be considered as constituting consent to the collection of data, as any other solution would not be practicable. According to the draft, however, cookies for storing user data using the Flash multimedia application will in future require separate consent. A further change is that advertisers will have to obtain consumers' consent before sending advertising materials by e-mail, fax, SMS or MMS, or making automated marketing calls.

In the case of the planned measures for requiring providers of electronic services to inform users of breaches of data protection, the MEPs plan the involvement of an intermediary body. Affected businesses will have to forward information on security breaches to national telecommunications regulators or other "competent authorities". According to the amendments, only "serious" breaches of personal data will have to be reported. The regulatory bodies will then decide if consumers really do need to be rapidly informed. There is also likely to be a requirement for companies to report the occurrence of security problems in their annual reports.

According to Alvaro, the Internal Market and Consumer Protection committee, which is primarily responsible for the telecommunications package, will incorporate the amendments proposed by the Standing Committee on Civil Liberties, Justice and Home Affairs directly into its report. The comprehensive overall package for regulating telecommunications companies and internet providers will be voted on in September following a first reading at a plenary session, after which the European Council will be required to submit comments.

(Stefan Krempl)

(trk)

Add your comment

« previous | next »
Print version | Send by email
  • Share this article
  • digg this
  • submit to slashdot
  • post to delicious
  • StumbleUpon
  • submit to reddit

Price Insight Top 10

  1. Sapphire Radeon HD 5850
  2. Intel X25-M G2 Postville 80GB
  3. HTC Desire
  4. AVM Fritz!Box Fon WLAN 7390
  5. Intel Core i5-750
  6. MSI R5770 Hawk, Radeon HD 5770
  7. AMD Phenom II X4 955 (C3) Black Edition
  8. XFX Radeon HD 5850
  9. ASUS EAH5850/2DIS/1GD5
  10. Samsung EcoGreen F3 2000GB

The H

The H open source

The H Security

The H Internet Toolkit