|
The Directive on Privacy and Electronic
Communications (2002/58/EC)
Overview
Summary of Changes
Implementation in the UK
Government Response to Consultation
List of Respondees
The Privacy and Electronic Communications (EC Directive) Regulations 2003
Guidance on the Regulations
Contact Us
Background
Government Contact
Further Information and Links
Overview
As part of the
European Commission's 1999 Review of the communications framework, a draft
proposal to update the existing
Telecoms Data Protection Directive (97/66/EC) was adopted on
12 July 2000, formerly known as the Communications Data
Protection Directive (CDPD) but now known as the Directive on Privacy and
Electronic Communications (DPEC). The overriding aim of the new Directive is to
take account of technological changes and to make the provisions as
technology-neutral as possible. Documents detailing the progress of the draft
Directive are available on the European Commission's website on the new
communications regulatory framework
here.
The
final Directive, the DPEC, was adopted on
12 July 2002 and required implementation in Member States
by 31 October 2003.
A
public consultation on how to implement the DPEC in the
UK
was launched on
27 March 2003, and ran for 12 weeks, closing on
19 June 2003. Final implementing
Regulations were prepared, taking into account the
responses received, and were laid before Parliament on
18 September 2003, coming into force on
11 December 2003.
Summary of Changes
The new
Directive:
-
replaces existing
definitions for telecommunications services and networks with new definitions
for electronic communications and services to ensure technological neutrality
and clarify the position of e-mail and use of the internet;
-
enables the provision of
value added services based on location and traffic data, subject to the
consent of subscribers (for example, location based advertising to mobile
phone users);
-
removes the possibility for
a subscriber to be charged for exercising the right not to appear in public
directories;
-
introduces new information
and consent requirements on entries in publicly available directories,
including a requirement that subscribers are informed of all the usage
possibilities of publicly available directories - e.g. reverse searching from
a telephone number in order to obtain a name and address;
-
extends controls on
unsolicited direct marketing to all forms of electronic communications
including unsolicited commercial e-mail (UCE or Spam) and SMS to mobile
telephones; UCE and SMS will be subject to a prior consent requirement, so the
receiver is required to agree to it in advance, except in the context of an
existing customer relationship, where companies may continue to email or SMS
to market their own similar products on an 'opt-out' basis;
-
specifies that Member
States may introduce provisions on the retention of traffic and location data
for law enforcement purposes;
-
introduces controls on the
use of cookies on websites. Cookies and similar tracking devices will be
subject to a new transparency requirement - anyone that employs these kinds of
devices must provide information on them and allow subscribers or users to
refuse to accept them if they wish.
Implementation in the
UK
On
27 March 2003 the DTI launched a twelve-week public consultation on how best to
implement the Directive in the
UK. The
consultation closed on
19 June 2003.
The consultation document can still be accessed
from the links below, in both .doc and .pdf formats, either by the section(s)
you are interested in, or as a complete document (126 pages).
|
|
View .doc version |
View .pdf version |
|
Introduction |
Intro |
Intro |
|
|
Questions |
Questions |
|
Background -
current rules and impact of new Directive |
Chapter 1 |
Chapter 1 |
Scope and
definitions
Articles 1, 2 and 3
Recitals 1 to 19 |
Chapter 2 |
Chapter 2 |
|
Security and
confidentiality
Articles 4
and 5
Recitals
20 - 26 |
Chapter 3 |
Chapter 3 |
|
Network and
service providers' requirements: traffic data, itemised billing, calling
line identification, location data services, call tracing and forwarding
Articles 6,
7, 8, 9 and 10
Recitals
26 - 37 |
Chapter 4 |
Chapter 4 |
|
Subscriber
directories
Articles 12
and 16
Recitals
38, 39, 49 |
Chapter 5 |
Chapter 5 |
|
Unsolicited
commercial communications: phone, fax, e-mail and SMS messages
Article 13
Recitals
40 - 45 |
Chapter 6 |
Chapter 6 |
|
Law
enforcement and security access to data
Articles 14
and 15
Recitals
11 and 46 - 47 |
Chapter 7 |
Chapter 7 |
|
Directive on
Privacy and Electronic Communications 2002/58/EC |
Annex 1 |
Annex 1 |
|
Draft
Statutory Instrument: The Privacy and Electronic Communications (EC
Directive) Regulations 2003 |
Annex 2 |
Annex 2 |
|
Existing
Guidance on the Telecommunications (Data Protection and Privacy) Regulations
1999 |
Annex 3 |
Annex 3 |
|
Draft Partial
Regulatory Impact Assessment |
Annex 4 |
Annex 4 |
|
Consultation
Criteria |
Annex 5 |
Annex 5 |
|
|
|
Full
consultation document including annexes
(126 pages) |
Complete Document |
Complete Document |
Alternatively, hard copies of the complete
consultation document are available from the DTI Publications Orderline, quoting
reference URN 03/762:
Online:
http://www.dti.gov.uk/publications/
E-mail:
publications@dti.gsi.gov.uk
Telephone: 0870 1502 500
Fax: 0870 1502 333
Mail: DTI Publications Orderline
ADMAIL 528
London
SW1W 8YT
Government Response to
Consultation
The Government published its Response to
Consultation on
18 September
2003. This summarises the responses to consultation and the key changes that
the Government has made in finalising the Privacy and Electronic Communications
(EC Directive) Regulations 2003 as a result. The Government Response is
available in
PDF (110 Kb)
and
MSWord (90
Kb) formats.
List of Respondees
A list of those who responded to the
consultation is
available in
PDF (55 Kb)
and
MSWord
(102 Kb) formats. Details of respondees identified by
us as private individuals have been omitted from the list to protect their
privacy.
Given the volume of responses received during
the consultation – more than 420 in all – we have decided not to publish these
in full on this website. However, if you would like to see a hard copy of a
non-confidential response from an organisation on the published list of
respondees, please email a request to
cdpd@dti.gsi.gov.uk remembering to include both your name and
address, and the name of the respondee.
The Privacy and Electronic
Communications (EC Directive) Regulations 2003
The Regulations, Statutory Instrument 2003 No. 2426, were laid before Parliament on
18 September 2003. The final text of the Regulations is available on the HMSO
Website.
The Regulations came into force on 11 December 2003.
A final version of the Regulatory Impact Assessment on the
Regulations is available in
PDF (37 Kb) and
MSWord (118 Kb)
formats, or in hard copy on request from the
Government Contact
A transposition note has been prepared to show how the
Articles in the DPEC are being implemented, and is available in
PDF
(109 Kb) and
MSWord
(67 Kb) formats.
Guidance on the
Regulations
Guidance notes on the new provisions have been
prepared by the Information Commissioner – the enforcer of the new Regulations.
It is available on the ICO website on their electronic
communications guidance pages, and also below in two parts in PDF
format:
ICO guidance Part
1
(610 KB)
ICO guidance
Part
2
(385 KB)
The Interactive Advertising Bureau (IAB)
provides independent guidance for Internet users and online operators on the use
of cookies and how to notify users of them under the new rules at:
www.allaboutcookies.org
An explanatory note for subscribers on their rights over unsolicited
phone, fax, e-mail and SMS marketing is available here.
Contact Us
If you
would like to be included on our contact list on this Directive, to hear about
future developments, please either email your details to
cdpd@dti.gsi.gov.uk or send them in writing to the address given under
Government Contact, clearly stating your interest in being kept informed
of developments on the DPEC.
The
cdpd@dti.gsi.gov.uk inbox can also be used for enquiries on the new
provisions, but please note that the DTI cannot give legal advice on the new
provisions, and many questions relating to interpretation of the new Regulations
and compliance advice.
Background
On the
30 May 2002 the European Parliament voted to accept a compromise text, opening
the way for formal adoption of the DPEC on
12 July 2002. Information about the key stages in
negotiations is available on the European Commission's website
here.
The text of the Directive can be accessed on
the European Commission's website
here.
The DPEC is one of the measures that arose from
the European Commission's 1999 Review of the regulatory framework for electronic
communications. Other key elements of the Review package include the Framework
Directive (2002/21/EC), the Access Directive (2002/19/EC), the Authorisation
Directive (2002/20/EC) and the Universal Service Directive (2002/22/EC),
implemented in the UK via the
Communications Act 2003.
The DPEC, which was adopted on
12 July 2002, makes a number of changes, in the light of
technological developments, to the current
Directive (97/66/EC) concerning the processing of personal data and
the protection of privacy in the telecommunications sector.
The new Directive replaces existing definitions
for telecommunications networks and services with new definitions for electronic
communications networks and services. These changes are intended to ensure
technological neutrality and interoperability among networks and systems in
order to facilitate the provision of a wide range of electronic communications
services and guarantee the maximum level of consumers' personal data and privacy
protection.
In particular, the new Directive enables the
provision of value added services based on location and traffic data, subject to
the consent of subscribers. It removes the possibility of a subscriber being
charged for exercising the right not to appear in public directories. It
introduces also new information and consent requirements on entries in publicly
available directories, including a requirement that subscribers are informed of
all the usage possibilities of publicly available directories (e.g. reverse
searching from a telephone number in order to obtain a name and address).
In addition, the new Directive clarifies the
position of e-mail and use of the Internet and extends controls on unsolicited
direct marketing to all forms of electronic communications including unsolicited
commercial e-mail (UCE or Spam) and SMS to mobile telephones. Finally, it allows
Member States to introduce provisions on the retention of traffic and location
data for law enforcement purposes and it introduces controls on the use of
cookies on websites.
Government Contact
Mr Guy Russell
International Communications
Department of Trade and Industry
Bay 203
151 Buckingham Palace Road
London
SW1W 9SS
Telephone: +44 (0)20 7215 1806
Fax: +44 (0)20 7215 4161
E-mail:
guy.russell@dti.gsi.gov.uk
Further Information and Links
The Privacy and Electronic Communications (EC Directive)
Regulations 2003 are available on the HMSO
Website.
The E-commerce Directive
- implementing Regulations have provisions
affecting UCE
See
www.allaboutcookies.org
for background
on cookies from the Interactive Advertising Bureau
The URL for
the Information Commissioner’s website is
www.dataprotection.gov.uk
www.informationcommissioner.gov.uk
|
