Data protection authorities support civil society on the Telecom Package
This article is also available in:
Deutsch: Datenschutzbehörden unterstützen die Zivilgesellschaft beim Thema Te...
Macedonian: Органите за заштита на лични податоци ...
The Article 29 Working Group and the European Data Protection Supervisor have issued public statement supporting some of the arguments of the civil society, including EDRi, made in the recent open letter sent to the European Parliament on 17 February 2009 and in the campaign against "voluntary data retention".
The open letter underlines the signatories' concerns related to those amendments of the Telecoms Package which might affect the Internet and Internet users, by targeting the open and non-discriminatory access features. Thus the fundamental users' rights such as privacy and freedom of speech are put in jeopardy.
The Article 29 adopted on 10 February Opinion 1/2009 on the proposals amending the e-Privacy Directive, acknowledging its concerns regarding the present article 6 a) that "might lend legitimacy to large scale deployment of deep packet inspection both in the network and in user equipment such as ADSL boxes, while the current legal framework already details the cases in which traffic data may be processed for security purposes."
Considering that "the wording proposed by the Commission establishes beyond all doubt that the processing of traffic data falls within the scope of the Data Protection Directive", the working group decided that the Article 6(6a) is unnecessary.
A similar opinion is supported by the European Data Protection Supervisor's comments on some issues in the review of the Universal Service Directive. According to the text "he is concerned about the implementation of traffic management policies that require the monitoring of Internet usage and interception without appropriate data protection safeguards," and concludes that "Article 5 of the ePrivacy Directive applies whenever traffic management policies entail interception or surveillance of Internet usage. Therefore, to avoid confusion, it seems only just and reasonable to recognise that pursuant to this article informed consent from users is necessary."
In the same document, EDPS tackles the 3 strikes procedure and considers as unfortunate its possible introduction in the Telecom package and notes that "it would have been preferable if the European Parliament had not given up to pressure by laying down the foundation for a three strikes approach and if all these issues had been addressed separately in different legal instruments, after careful analysis and debate."
The EDPS supports the civil society in calling upon decision makers to re-introduce Amendment 138 and Article 32a of the Universal Service Directive that would strengthen the safeguards towards ensuring the protection of individuals' rights, including the right to data protection and privacy and due process.
The Article 29's Opinion also tackles other aspects regarding the e-Privacy directive. Thus the document strongly supports "an extension of personal data breach notifications to Information Society Services (...) given the ever increasing role these services play in the daily lives of European citizens." This resonates with the initial Amendments of the European Parliament or with Peter Hustinx's public comments, who explains why the position of the Commission and the Council is not enough to protect the citizens in the online world: "That restriction means European citizens would only be alerted if their internet access or telephone company suffers security breaches. If their online bank is hacked or its security systems are cracked, enabling the unauthorised access to bank account information, citizens might not be notified. So, unless the amendments proposed by the European Parliament are adopted by the Council, online banks and other e-businesses would be off the hook."
The Article 29 Working Group has also re-emphasised its earlier opinion "that unless the service provider is in a position to distinguish with absolute certainty that the data correspond to users that cannot be identified, it will have to treat all IP information as personal data, to be on the safe side". Thus the WG agrees with the Commission that a substantive provision of a directive is not the most suitable way of addressing this issue, and that a reporting obligation referring to "purposes not covered by this Directive" is not appropriate.
Open letter to the European Parliament - Telecom Package (17.02.2009)
EU proposal puts confidential communications data at risk (28.02.2009)
All data breaches must be made public (29.01.2009)
Opinion 1/2009 on the proposals amending Directive 2002/58/EC on privacy and
electronic communications (e-Privacy Directive) (10.02.2009)
EDPS comments on some issues in the review of the Directive 2002/22/EC
(Universal Service) (16.02.2009)
EDRi-gram: Data breach notification - different opinions in EU bodies ?