The European Data Protection Supervisor (EDPS) adopted an opinion on 10 April 2008 on the proposals of the European Commission (EC) on the revision of the Directive on privacy and electronic communications, better known as the ePrivacy Directive. Generally the EDPS agreed with the position of the EC, but was of the view that the new Directive should be more ambitious, especially with respect to its scope, notification of security failures and mechanisms for action against spammers (entities which send unsolicited messages).
The proposals of the Commission set out to create an obligatory system of notification of failures of security and of enabling legal persons, such as consumer associations and suppliers of access to the internet, to legally advance against spammers. The EC further clarifies that the Directive covers a range of radio frequency identification (RFID) applications, a position which the EDPS views as a significant step. However this European Authority considers that the proposals of EC might go further and puts forward suggestions.
Accordingly, the EDPS considers that the obligation to give notification of any failure of security should be applied not only to suppliers of public services of electronic communications, but also to others, especially entities which supply electronic services which handle sensitive personal data, as in online banks and insurers, providers of online health services, etc.
The EDPS further argues that the Directive should be broadened in its scope to include all suppliers of electronic communication services, even those that operate private or semi-private networks, and the new possibility of acting legally against spammers should be extended to any infraction of the provisions of the ePrivacy Directive.
Further information:
- Opinião da EDPS sobre a revisão da Directiva ePrivacy http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2008/08-04-10_e-privacy_EN.pdf
- Comunicado de imprensa da EDPS http://europa.eu/rapid/pressReleasesAction.do?reference=EDPS/08/03&format=HTML&aged=0&language=EN&guiLanguage=en
- European Data Protection Supervisor website http://www.edps.europa.eu/EDPSWEB/edps/lang/en/pid/1
