Brussels, 5 December 2003
Commission launches infringement proceedings against nine Member States for not adopting new privacy rules for digital networks and services
Following the expiry on 31 October 2003 of the deadline to transpose the Directive on Privacy and Electronic Communications, the Commission has opened infringement proceedings for failure to notify transposition measures against Belgium, Germany, Greece, France, Luxembourg, the Netherlands, Portugal, Finland and Sweden.
“The e-Privacy Directive is a key element in the new regulatory framework for electronic communications. It is urgent that Member States adopt a consistent legislative approach to such issues as unsolicited emails ('spam'), the use of location data or 'cookies'. This will strengthen consumer confidence in e-commerce and electronic services, which is a prerequisite for sustainable growth in the sector,” said Erkki Liikanen, Commissioner for Enterprise and the Information Society. “I urge those Member States that have not yet transposed this Directive to complete the task with the minimum of further delay.”
The Directive on Privacy and Electronic Communications (e-Privacy Directive), was adopted by the European Parliament and the Council in July 2002, and completes the new regulatory framework for electronic communications(1). It sets EU-wide rules for the protection of privacy and personal data in mobile and fixed communications, including the Internet. For instance, the Directive introduces a 'ban on spam' throughout the EU; it also determines specific conditions for using location data generated by mobile phones, or for installing so-called “cookies” on users' personal computers (see IP/03/1492).
The Directive was to be incorporated into national law by 31 October 2003 at the latest. By that date, only six countries had taken measures to transpose it. Since then, Ireland has also adopted transposition measures. Letters of formal notice, the first stage of infringement proceedings, have now been sent out to the following Member States: Belgium, Germany, Greece, France, Luxembourg, the Netherlands, Portugal, Finland and Sweden. In the case of Sweden, this concerns only Article 13 of the directive, which relates to unsolicited communications as the rest of the directive was covered by the transposition measures, which were notified on time. Member States are requested to respond within two months.
The importance of full, effective and timely implementation of the new regulatory framework for electronic communications has been stressed by the Commission in its Communication “Electronic Communications: the Road to the Knowledge Economy”(2). This view has been fully supported by both the Spring European Council and the subsequent Telecoms Council in March 2003. On 18 November 2003, the European Parliament requested that the infringement proceedings against those Member States who had not transposed the new regulatory package into national law be concluded as quickly as possible (3).
Directive 2002/58/EC on Privacy and Electronic Communications (e-Privacy Directive), adopted by Parliament and Council in July 2002, sets EU rules for the protection of privacy and personal data in electronic communications. It was to be incorporated into national law by 31 October 2003 at the latest. It replaced the previous 'Telecommunications' Data Protection Directive (Directive 97/66/EC).
The e-Privacy Directive includes provisions on security of networks and services, confidentiality of communications, access to information stored on terminal equipment, processing of traffic and location data, calling line identification, public subscriber directories and unsolicited commercial communications. The Directive contains no legally binding provisions that would either allow or prevent national measures requiring the retention of traffic or location data for 'law enforcement' purposes, since these are beyond its scope.
Background information on the new privacy and data protection rules is available on the Europa website of the Commission.
This Directive is part of a new, broader package of regulation designed to stimulate more competitive markets based on converging electronic communications technologies. The directives adopted under Article 95 of the Treaty were required to be transposed into national law not later than 24 July 2003. The Commission is monitoring the transposition process closely, and has already opened infringement proceedings against those Member States which failed to meet the deadline for incorporating the Framework, Authorisation, Access and Universal Service Directives into their national law (see IP/03/1356).
Letters of formal notice are the first step of infringement proceedings, under Article 226 of the Treaty. These request Member States to respond to the Commission's concerns within two months.
The Commission's Ninth Implementation Report(4) provides an update on the status of transposition of the new regulatory framework for electronic communications in the Member States, and identifies key issues for transposition. It also provides an overview of market developments (see IP/03/1572).
Background information on the new privacy and data protection rules:
(1)Directive 2002/58/EC, OJ L 201 of 31 July 2002, p. 37.
(2)COM(2003) 65 of 11 February 2003.
(3)European Parliament resolution on the Eighth Report from the Commission on the implementation of the Telecommunications Regulatory Package, adopted on 18 November 2003, A5-0376/2003.
(4)Report on the Implementation of the EU Electronic Communications Regulatory Package - European Electronic Communications Regulation and Markets 2003, COM(2003)715 of 19 November 2003.