52001AE0048

Opinion of the Economic and Social Committee on the "proposal for a Directive of the European Parliament and of the Council concerning the processing of personal data and the protection of privacy in the electronic communication sector"

(2001/C 123/11)

On 25 October 2000 the Council decided to consult the Economic and Social Committee, under Article 95 of the Treaty establishing the European Community, on the above-mentioned proposal.

The Section for Transport, Energy, Infrastructure and the Information Society, which was responsible for preparing the Committee's work on the subject, adopted its opinion on 7 December 2000. The rapporteur was Mr Lagerholm.

At its 378th plenary session on 24 and 25 January 2001 (meeting of 24 January) the Economic and Social Committee adopted the following opinion with 76 votes in favour and two abstentions.

1. The Commission's Proposal

1.1. The proposed directive is part of a new regulatory framework for all transfer networks and services, designed to secure the competitiveness of the electronic communications market. On the basis of the proposed directive on a common regulatory framework for electronic communications networks and services(1) the present proposal is intended to replace Directive 97/66/EC(2), concerning the processing of personal data and the protection of privacy in the telecommunications sector; it would also particularise and supplement it. The directive must be adapted to developments in the markets and technology, to provide users of publicly accessible electronic communications services with the same level of protection of personal data and privacy regardless of the technology used.

1.2. Specific legal and technical provisions to protect fundamental rights and freedoms are particularly necessary in view of the increasing capacity for automated storage and processing of data of a personal nature. The provisions adopted by Member States should be harmonised in order to avoid obstacles to the internal market.

1.3. While the providers of publicly available electronic communications services must take appropriate measures to safeguard the security of their services, it is up to Member States to ensure the confidentiality of communications. In particular, they should prohibit listening, tapping and storage of communications. Traffic and location data may only be processed when they are made anonymous or with the consent of the users.

1.4. Subscribers have the right to require non-itemised bills. Calling users must have the possibility of preventing the presentation of the calling-line identification, while the called subscriber must have the possibility of rejecting incoming calls where the presentation of the calling line identification has been prevented. Exceptions are provided for in the case of emergency calls and, on request, in the case of malicious or nuisance calls.

1.5. Any subscriber should have the possibility of stopping automatic call forwarding by a third party to the subscriber's terminal. He should have the opportunity to determine whether his personal data are included in public directories, and if so which personal data. The use of automated calling systems (voice mail systems) and unsolicited communications for purposes of direct marketing is permitted only with the agreement of the subscriber.

1.6. Member States are to ensure that no mandatory requirements for specific technical features are imposed on terminal or other electronic communications equipment. Where required, the Commission is to adopt measures to ensure that terminal equipment incorporates the necessary safeguards.

1.7. Member States may restrict the scope of certain provisions to safeguard national security, defence, public security and in connection with criminal offences. The working party on data protection set up under Article 29 or Directive 95/46/EC(3) carries out the tasks laid down in that directive with regard to the protection of fundamental rights and freedoms and of legitimate interests.

2. Comments

2.1. Maintaining user control over personal data is a prerequisite for successful electronic communications. However, much of such control relates more to horizontal privacy legislation and not to sector specific measures. Even if privacy is perceived as more crucial and urgent in the telecommunications sector, the Committee believes that the same privacy issues should be regulated in the same way, regardless of whether electronic communications or "traditional" handling are involved.

2.2. The proposed Data Protection Directive (DPD) should therefore concentrate on the electronic communications-specific issues. There is concern that the present horizontal data protection directive 95/46/EC and the existing directive on data protection in the telecom sector 97/66/EC are still neither fully nor reciprocally implemented in a consistent manner. The recently adopted Directive on electronic commerce 2000/31/EC(4) and the Directive on electronic signatures 1999/93/EC(5) also contain provisions regarding privacy in communications. Arguably, certain aspects of the reasons and rationale in the former seem, at any rate, to contradict the DPD as currently proposed. The DPD must therefore be clearly focused on sector-specific issues so as to avoid the risk of conflict with the foreseen revision of the horizontal directive 95/46/EC in 2001.

2.3. The DPD changes to the current directive are described as limited. That may be the case but the new definitions could be considerably more far-reaching. Pending a revised horizontal directive next year a reasonable objective for the DPD could be solely to update the current directive to keep pace with technical progress, without broadening its scope beyond what is necessary for communications per se.

2.4. An example of the adjustment required is given in the proposed Directive on universal service (USD). The proposal in the USD that the processing of very precise location data should be mandatory for mobile 112 calls raises a privacy issue, apart from cost and technology considerations. Any system that provides for shared control of location details with the end-user reduces security against intrusion. Although in certain circumstances there is clearly an advantage in being able to trace 112 calls, it would perhaps be reasonable to ask whether end-users should be consulted before deciding on such a major step.

2.5. The proposal that e-mail should be included under a system which only allows advertising communications to be sent to subscribers who have given their prior consent to receiving unsolicited messages raises some serious questions.

2.6. The ESC supports the proposal for such an opt-in system for commercial e-mail. In the Committee's view, an opt-in system has one serious drawback in that it could well hinder the development of e-commerce and in such a way as to discriminate against companies in the EU. Commercial communications are a prerequisite for many of the services on the Internet. The Committee feels, however, that the customer's interest in being spared unsolicited commercial information must take precedence. An opt-in system of this type already operates in several Member States.

Brussels, 24 January 2001.

The President

of the Economic and Social Committee

Göke Frerichs

(1) COM(2000) 393 final.

(2) European Parliament and Council Directive of 15 December 1997, OJ L 24, 30.1.1998.

(3) European Parliament and Council Directive of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on free movement of such data, OJ L 281, 23.11.1995.

(4) OJ L 178, 17.7.2000.

(5) OJ L 13, 19.1.2000.