Brussels, 31 October 2003
New privacy rules for digital networks and services - Directive kicks in today
As from today EU Member States must comply with the Directive on Privacy and Electronic Communications, which sets EU standards for the protection of privacy and personal data in electronic communications. The Directive includes basic obligations to ensure the security and confidentiality of communications over EU electronic networks, including internet and mobile services. It sets out specific conditions for installing so-called “cookies” on users' personal computers and for using location data generated by mobile phones. Notably, the Directive also introduces a 'ban on spam' throughout the EU.
"The Directive on Privacy and Electronic Communications is a key tool to strengthen consumer confidence in the Internet and electronic communications, which is a prerequisite for the success of e-commerce and, indeed, the Information Society” said Erkki Liikanen, European Commissioner responsible for Enterprise and Information Society.
The Directive is technology neutral and gives consumers and citizens a variety of tools to protect their privacy and personal data. This can be illustrated by a few examples:
From today Member States must apply and effectively enforce these rules. Bilateral and multilateral international co-operation efforts are needed, alongside EU efforts.
In 1997 the EU adopted a specific Directive on the protection of privacy and the processing of personal data in the telecommunications sector (97/66/EC). The Directive translated the principles of the General Data Protection Directive (95/46/EC) for a number of specific privacy issues related to public telecommunication networks and services.
The 1997 Directive was updated in 2002 to take account of technological developments and to ensure that the same level of privacy protection is provided for all communications over public networks regardless of the technology used. The Directive covers the processing of personal data in connection with the provision of publicly available electronic communication networks and services in the Community.
The Directive includes provisions on security of networks and services, confidentiality of communications, access to information stored on terminal equipment, processing of traffic and location data, calling line identification, public subscriber directories and unsolicited commercial communications.
The Directive contains no legally binding provisions that would either allow or prevent national measures requiring the retention of traffic or location data for 'law enforcement' purposes, since these are beyond its scope. However, any such measures would have to be accompanied by human rights safeguards specified in the Directive.
Directive 2002/58/EC on Privacy and Electronic Communications is also part of a new, wider technologically neutral regulatory framework governing the provision of electronic communications networks and services in the EU (see IP/01/1801 and IP/02/259)
Background information on the new rules is available at the following URL address:
Background information on the specific Commission plans on spam is available via: