Share This Article
Following a number of discussions on the topic, the revised version of the ePrivacy Directive governing the processing of personal data and the protection of privacy in the electronic communications sector will be shortly adopted by the European Commission.
The current proposal prescribes:
-
Mandatory Notification of Personal Data Breaches: communications providers and ISPs processing individuals’ personal data that have been compromised (e.g. because of a destruction, a loss, an alteration or an unauthorised disclosure) shall inform such individuals if the breach is likely to damage them;
-
Spyware and Cookies: ISPs shall provide users with better information on the use of cookies and easiers means to control them;
-
Spamming: persons negatively affected by spam will be entitled to bring effective legal proceedings against spammers;
-
Enforcement Powers: national data protection authorities will have stronger powers enabling them for instance to immediately stop breaches.
These new measures are very welcome as the potential damages that individuals can suffer because of the processing of their personal data by communications operators and ISPs are considerable and often individuals are not in the position to control the usage of such data by such operators. However, operators are likely to criticise such proposal since it renders them subject to further privacy obligations in addition to the already burdensome obligations recently put in place for instance through the implementation of the Data Retention Directive.
Indeed, the Data Retention Directive as implemented in Italy obliges communications operators to store telephone and Internet traffic data and to adopt very stringent security measures in the storage of such data sanctioning the breach of these obligations is sanctioned with considerable fines.
We will see what will happen next!
(Visited 1 times, 1 visits today)
