51996AG1024(06)

COMMON POSITION (EC) No 57/96 adopted by the Council on 12 September 1996 with a view to adopting Directive 96/. . ./EC of the European Parliament and of the Council, of . . ., concerning the processing of personal data and the protection of privacy in the telecommunications sector, in particular in the integrated services digital network (ISDN) and in the public digital mobile networks (96/C 315/06)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty establishing the European Community, and in particular Article 100a thereof,

Having regard to the proposal from the Commission (1),

Having regard to the opinion of the Economic and Social Committee (2),

Acting in accordance with the procedure referred to in Article 189b of the Treaty (3),

(1) Whereas Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (4) requires Member States to ensure the rights and freedoms of natural persons with regard to the processing of personal data, and in particular their right to privacy, in order to ensure the free flow of personal data in the Community;

(2) Whereas currently in the Community new advanced digital technologies are introduced in public telecommunications networks, which give rise to specific requirements concerning the protection of personal data and privacy of the user; whereas the development of the information society is characterized by the introduction of new telecommunications services; whereas the successful cross-border development of these services, such as video-on-demand, interactive television, is partly dependent on the confidence of the users that their privacy will not be at risk;

(3) Whereas this is the case, in particular, with the introduction of the integrated services digital network (ISDN) and digital mobile networks;

(4) Whereas the Council, in its resolution of 30 June 1988 on the development of the common market for telecommunications services and equipment up to 1992 (5), called for steps to be taken to protect personal data, in order to create an appropriate environment for the future development of telecommunications in the Community; whereas the Council re-emphasized the importance of the protection of personal data and privacy in its resolution of 18 July 1989 on the strengthening of the coordination for the introduction of the integrated services digital network (ISDN) in the European Community up to 1992 (6);

(5) Whereas the European Parliament has underlined the importance of the protection of personal data and privacy in the telecommunications networks, in particular with regard to the introduction of the integrated services digital network (ISDN);

(6) Whereas, in the case of public telecommunications networks, specific legal, regulatory, and technical provisions must be made in order to protect fundamental rights and freedoms of natural persons and legitimate interests of legal persons, in particular with regard to the increasing risk connected with automated storage and processing of data relating to subscribers and users;

(7) Whereas legal, regulatory, and technical provisions adopted by the Member States concerning the protection of personal data, privacy and the legitimate interests of legal persons, in the telecommunications sector, must be harmonized in order to avoid obstacles to the internal market for telecommunications in conformity with the objective set out in Article 8a of the Treaty; whereas the harmonization pursuant to the principle of subsidiarity is limited to requirements that are strictly necessary to guarantee that the promotion and development of new telecommunications services and networks between Member States will not be hindered;

(8) Whereas these new services include interactive television and video-on-demand;

(9) Whereas, in the telecommunications sector, in particular for all matters concerning protection of fundamental rights and freedoms, which are not specifically covered by the provisions of this Directive, including the obligations on the controller and the rights of individuals, Directive 95/46/EC applies; whereas Directive 95/46/EC applies to non-publicly available telecommunication services;

(10) Whereas this Directive, similarly to what is provided for by Article 3 of Directive 95/46/EC, does not address issues of protection of fundamental rights and freedoms related to activities which are not governed by Community law; whereas it is for Member States to take such measures as they consider necessary for the protection of public security, defence, State security (including the economic well-being of the State when the activities relate to State security matters) and the enforcement of criminal law; whereas this Directive shall not affect the ability of Member States to carry out lawful interception of telecommunications, for any of these purposes;

(11) Whereas subscribers of a publicly available telecommunications service may be natural or legal persons; whereas the provisions of this Directive are aimed to protect, by supplementing Directive 95/46/EC, the fundamental rights of natural persons and particularly their right to privacy, as well as the legitimate interests of legal persons; whereas these provisions may in no case entail an obligation for Member States to extend the application of Directive 95/46/EC to the protection of the legitimate interests of legal persons; whereas this protection is ensured within the framework of the applicable Community and national legislation;

(12) Whereas the application of certain requirements relating to presentation and restriction of calling and connected line identification and to automatic call forwarding to subscriber lines connected to analogue exchanges must not be made mandatory in specific cases where such application would prove to be technically impossible or would require a disproportionate economic effort; whereas it is important for interested parties to be informed of such cases and the Member States should therefore notify them to the Commission;

(13) Whereas service-providers must take appropriate measures to safeguard the security of their services, if necessary in conjunction with the provider of the network, and inform subscribers of any special risks of a breach of the security of the network; whereas security is appraised in the light of the provision of Article 17 of Directive 95/46/EC;

(14) Whereas measures must be taken to prevent the unauthorized access to communications in order to protect the confidentiality of communications by means of public telecommunications networks and publicly available telecommunications services; whereas national legislation in some Member States only prohibits intentional unauthorized access to communications;

(15) Whereas the data relating to subscribers processed to establish calls contain information on the private life of natural persons and concern the right to respect for their correspondence or concern the legitimate interests of legal persons; whereas such data may only be stored to the extent that is necessary for the provision of the service for the purpose of billing and for interconnection payments, and for a limited time; whereas any further processing which the provider of the publicly available telecommunications services may want to perform for the marketing of its own telecommunications services may only be allowed if the subscriber has agreed to this on the basis of accurate and full information given by the provider of the publicly available telecommunications services about the types of further processing he intends to perform;

(16) Whereas the introduction of itemized bills has improved the possibilities for the subscriber to verify the correctness of the fees charged by the service-provider; whereas, at the same time, it may jeopardize the privacy of the users of publicly available telecommunications services; whereas therefore, in order to preserve the privacy of the user, Member States must encourage the development of telecommunications service options such as alternative payment facilities which allow anonymous or strictly private access to publicly available telecommunications services, for example calling cards and facilities for payment by credit card; whereas, alternatively, Member States may, for the same purpose, require the deletion of a certain number of digits from the called numbers mentioned in itemized bills;

(17) Whereas it is necessary, as regards calling line identification, to protect the right of the calling party to withhold the presentation of the identification of the line from which the call is being made and the right of the called party to reject calls from unidentified lines; whereas it is justified to override the elimination of calling line identification presentation in specific cases; whereas certain subscribers, in particular helplines and similar organizations, have an interest in guaranteeing the anonymity of their callers; whereas it is necessary, as regards connected line identification, to protect the right and the legitimate interest of the called party to withhold the presentation of the identification of the line to which the calling party is actually connected, in particular in the case of forwarded calls; whereas the providers of publicly available telecommunications services must inform their subscribers of the existence of calling and connected line identification in the network and of all services which are offered on the basis of calling and connected line identification and about the privacy options which are available; whereas this will allow the subscribers to make an informed choice about the privacy facilities they may want to use; whereas the privacy options which are offered on a per-line basis do not necessarily have to be available as an automatic network service but may be obtainable through a simple request to the provider of the publicly available telecommunications service;

(18) Whereas safeguards must be provided for subscribers against the nuisance which may be caused by automatic call-forwarding by others; whereas, in such cases, it must be possible for subscribers to stop the forwarded calls being passed on to their terminals by simple request to the provider of the publicly available telecommunications service;

(19) Whereas directories are widely distributed and publicly available; whereas the right to privacy of natural persons and the legitimate interest of legal persons require that subscribers are able to determine the extent to which their personal data are published in a directory; whereas Member States may limit this possibility to subscribers who are natural persons;

(20) Whereas safeguards must be provided for subscribers against intrusion into their privacy by means of unsolicited calls and faxes; whereas Member States may limit such safeguards to subscribers who are natural persons;

(21) Whereas it is necessary to ensure that the introduction of technical features of telecommunications equipment for data-protection purposes is harmonized in order to be compatible with the implementation of the internal market;

(22) Whereas in particular, similarly to what is provided for by Article 13 of Directive 95/46/EC, Member States can restrict the scope of subscribers' obligations and rights in certain circumstances, for example by ensuring that the provider of a publicly available telecommunications service may override the elimination of the presentation of calling-line identification in conformity with national legislation for the purpose of prevention or detection of criminal offences or State security;

(23) Whereas where the rights of the users and subscribers are not respected, national legislation must provide for judicial remedy; whereas sanctions must be imposed on any person, whether governed by private or public law, who fails to comply with the national measures taken pursuant to this Directive;

(24) Whereas it is useful in the field of application of this Directive to draw on the experience of the working party on the protection of individuals with regard to the processing of personal data composed of representatives of the supervisory authorities of the Member States, set up by Article 29 of Directive 95/46/EC;

(25) Whereas, given the technological developments and the attendant evolution of the services on offer, it will be necessary technically to specify the categories of data listed in the Annex to this Directive for the application of Article 6 of this Directive with the assistance of the committee composed of representatives of the Member States set up in Article 31 of Directive 95/46/EC in order to ensure a coherent application of the requirements set out in this Directive regardless of changes in technology;

(26) Whereas, to facilitate compliance with the provisions of this Directive, certain specific arrangements are needed for processing of data already under way on the date that national implementing legislation pursuant to this Directive enters into force,

HAVE ADOPTED THIS DIRECTIVE:

Article 1

Object and scope

1. This Directive provides for the harmonization of the provisions of the Member States required to ensure an equivalent level of protection of fundamental rights and freedoms, and in particular the right to privacy, with respect to the processing of personal data in the telecommunications sector and to ensure the free movement of such data and of telecommunications equipment and services in the Community.

2. The provisions of this Directive particularize and complement Directive 95/46/EC for the purposes mentioned in paragraph 1. Moreover, they provide for protection of legitimate interests of subscribers who are legal persons.

3. This Directive shall not apply to the activities which fall outside the scope of Community law, such as those provided for by Titles V and VI of the Treaty on European Union, and in any case to activities concerning public security, defence, State security (including the economic well-being of the State when the activities relate to State security matters) and the activities of the State in areas of criminal law.

Article 2

Definitions

In addition to the definitions given in Directive 95/46/EC, for the purposes of this Directive:

(a) Subscriber shall mean any natural or legal person who or which is party to a contract with the provider of publicly available telecommunications services for the supply of such services;

(b) User shall mean any natural person using a publicly available telecommunications service, for private or business purposes, without necessarily having subscribed to this service;

(c) Public telecommunications network shall mean transmission systems and, where applicable, switching equipment and other resources which permit the conveyance of signals between defined termination points by wire, by radio, by optical or by other electromagnetic means, which are used, in all or in part, for the provision of publicly available telecommunications services;

(d) telecommunications service shall mean services whose provision consists wholly or partly in the transmission and routing of signals on telecommunications networks, with the exception of radio- and television broadcasting.

Article 3

Services concerned

1. This Directive shall apply to the processing of personal data in connection with the provision of publicly available telecommunications services in public telecommunications networks in the Community, in particular via the integrated services digital network (ISDN) and public digital mobile networks.

2. Articles 8, 9 and 10 shall apply to subscriber lines connected to digital exchanges and, where technically possible and if it does not require a disproportionate economic effort, to subscriber lines connected to analogue exchanges.

3. Cases where it would be technically impossible or require a disproportionate investment to fulfil the requirements of Articles 8, 9 and 10 shall be notified to the Commission by the Member States.

Article 4

Security

1. The provider of a publicly available telecommunications service must take appropriate technical and organizational measures to safeguard security of its services, if necessary in conjunction with the provider of the public telecommunications network with respect to network security. Having regard to the state of the art and the cost of their implementation, these measures shall ensure a level of security appropriate to the risk presented.

2. In case of a particular risk of a breach of the security of the network, the provider of a publicly available telecommunications service must inform the subscribers concerning such risk and any possible remedies, including the costs involved.

Article 5

Confidentiality of the communications

Member States shall ensure via national regulations the confidentiality of communications by means of public telecommunications network and publicly available telecommunications services. In particular, they shall prohibit listening, tapping, storage or other kinds of interception or surveillance of communications, by others than users, without the consent of the users concerned, except when legally authorized.

Article 6

Traffic and billing data

1. Traffic data relating to subscribers and users processed to establish calls and stored by the provider of a public telecommunications network and/or publicly available telecommunications service must be erased or made anonymous upon termination of the call without prejudice to the provisions of paragraphs 2, 3 and 4.

2. For the purpose of subscriber billing and interconnection payments, data indicated in the Annex may be processed. Such processing is permissible only up to the end of the period during which the bill may lawfully be challenged or payment may be pursued.

3. For the purpose of marketing its own telecommunications services, the provider of a publicly available telecommunications service may process the data referred to in paragraph 2, if the subscriber has given his consent.

4. Processing of traffic and billing data must be restricted to persons acting under the authority of providers of the public telecommunications networks and/or publicly available telecommunications services handling billing or traffic management, customer enquiries, fraud detection and marketing the provider's own telecommunications services and it must be restricted to what is necessary for the purposes of such activities.

5. Paragraphs 1, 2, 3 and 4 shall apply without prejudice to the possibility for competent authorities to be informed of billing or traffic data in conformity with applicable legislation in view of settling disputes, in particular interconnection or billing disputes.

Article 7

Itemized billing

1. Subscribers shall have the right to receive non-itemized bills.

2. Member States shall apply national provisions in order to reconcile the rights of subscribers receiving itemized bills with the right to privacy of calling users and called subscribers, for example by ensuring that sufficient alternative modalities for communications or payments are available to such users and subscribers.

Article 8

Presentation and restriction of calling and connected line identification

1. Where presentation of calling-line identification is offered, the calling user must have the possibility via a simple means, free of charge, to eliminate the presentation of the calling-line identification on a per-call basis. The calling subscriber must have this possibility on a per-line basis.

2. Where presentation of calling-line identification is offered, the called subscriber must have the possibility via a simple means, free of charge for reasonable use of this function, to prevent the presentation of the calling-line identification of incoming calls.

3. Where presentation of calling-line identification is offered and where the calling line identification is presented prior to the call being established, the called subscriber must have the possibility via a simple means to reject incoming calls where the presentation of the calling-line identification has been eliminated by the calling user or subscriber.

4. Where presentation of connected line identification is offered, the called subscriber must have the possibility via a simple means, free of charge, to eliminate the presentation of the connected line identification to the calling user.

5. The provisions set out in paragraph 1 shall also apply with regard to calls to third countries originating in the Community; the provisions set out in paragraphs 2, 3 and 4 shall also apply to incoming calls originating in third countries.

6. Member States shall ensure that where presentation of calling and/or connected line identification is offered, the providers of publicly available telecommunications services inform the public thereof and of the possibilities set out in paragraphs 1, 2, 3 and 4.

Article 9

Exceptions

Member States shall ensure that the provider of a public telecommunications network and/or publicly available telecommunications service may override the elimination of presentation of the calling-line identification:

(a) on a temporary basis, on application of a subscriber requesting the tracing of malicious or nuisance calls; in this case, in accordance with national law, the data containing the identification of the calling subscriber will be stored and be made available by the provider of a public telecommunications network and/or publicly available telecommunications service;

(b) on a per-line basis for organizations dealing with emergency calls and recognized as such by a Member State, including law enforcement agencies, ambulance services and fire brigades, for the purpose of answering such calls.

Article 10

Automatic call forwarding

Member States shall ensure that any subscriber is provided, free of charge and via a simple means, with the possibility to stop automatic call-forwarding by a third party to the subscriber's terminal.

Article 11

Directories of subscribers

1. Personal data contained in printed or electronic directories of subscribers available to the public or obtainable through directory enquiry services should be limited to what is necessary to identify a particular subscriber, unless the subscriber has given his unambiguous consent to the publication of additional personal data. The subscriber shall be entitled, free of charge, to be omitted from a printed or electronic directory at his or her request, to indicate that his or her personal data may not be used for the purpose of direct marketing, to have his or her address omitted in part and not to have a reference revealing his or her sex, where this is applicable linguistically.

2. Member States may allow operators to require a payment from subscribers wishing to ensure that their particulars are not entered in a directory, provided that the sum involved is reasonable and does not act as a disincentive to the exercise of this right.

3. Member States may limit the application of this Article to subscribers who are natural persons.

Article 12

Unsolicited calls

1. The use of automated calling systems without human intervention (automatic calling machine) or facsimile machines (fax) for the purposes of direct marketing may only be allowed in respect of subscribers who have given their prior consent.

2. Member States shall take appropriate measures to ensure that, free of charge, unsolicited calls for purposes of direct marketing, by means other than those referred to in paragraph 1, are not allowed either without the consent of the subscribers concerned or in respect of subscribers who do not wish to receive these calls, the choice between these options to be determined by national legislation.

3. Member States may limit the application of paragraphs 1 and 2 to subscribers who are natural persons.

Article 13

Technical features and standardization

1. In implementing the provisions of this Directive, Member States shall ensure, subject to paragraphs 2 and 3, that no mandatory requirements for specific technical features are imposed on terminal or other telecommunications equipment which could impede the placing of equipment on the market and the free circulation of such equipment in and between Member States.

2. Where provisions of this Directive can be implemented only by requiring specific technical features, Member States shall inform the Commission according to the procedures provided for by Directive 83/189/EEC (1) which lays down a procedure for the provision of information in the field of technical standards and regulations.

3. Where required, the Commission will ensure the drawing-up of common European standards for the implementation of specific technical features, in accordance with Community legislation on the approximation of the laws of the Member States concerning telecommunications terminal equipment, including the mutual recognition of their conformity, and Council Decision 87/95/EEC of 22 December 1986 on standardization in the field of information technology and telecommunications (2).

Article 14

Extension of the scope of application of certain provisions of Directive 95/46/EC

1. Member States may adopt legislative measures to restrict the scope of the obligations and rights provided for in Articles 5, 6 and Article 8 (1), (2), (3) and (4), when such restriction constitutes a necessary measure to safeguard national security, defence, public security, the prevention, investigation, detection and prosecution of criminal offences or of unauthorized use of the telecommunications system, as referred to in Article 13 (1) of Directive 95/46/EC.

2. The provisions of Chapter III on judicial remedies, liability and sanctions of Directive 95/46/EC shall apply with regard to national provisions adopted pursuant to this Directive and with regard to the individual rights derived from this Directive.

3. The working party on the protection of individuals with regarding to the processing of personal data established according to Article 29 of Directive 95/46/EC shall carry out the tasks laid down in Article 30 of the abovementioned Directive also with regard to the protection of fundamental rights and freedoms and of legitimate interests in the telecommunications sector, which is the subject of this Directive.

4. The Commission, assisted by the committee established by Article 31 of Directive 95/46/EC, shall technically specify the Annex according to the procedure mentioned in this Article. The aforesaid committee shall be convened specifically for the subjects covered by this Directive.

Article 15

Implementation of the Directive

1. Member States shall bring into force the laws, regulations and administrative provisions necessary for them to comply with this Directive by 24 October 1998 at the latest.

When Member States adopt these provisions, they shall contain a reference to this Directive or shall be accompanied by such a reference at the time of their official publication. The procedure for such reference shall be adopted by Member States.

2. By derogation from the last sentence of Article 6 (3), consent is not required with respect to processing already under way on the date the national provisions adopted pursuant to this Directive enter into force. In those cases the subscribers shall be informed of this processing and if they do not express their dissent within a period to be determined by the Member State, they shall be deemed to have given their consent.

3. Article 11 shall not apply to editions of directories which have been published before the national provisions adopted pursuant to this Directive enter into force.

4. Member States shall communicate to the Commission the text of the provisions of national law which they adopt in the field governed by this Directive.

Article 16

Addressees

This Directive is addressed to the Member States.

Done at . . .

For the European Parliament The President For the Council The President

(1) OJ No C 200, 22. 7. 1994, p. 4.

(2) OJ No C 159, 17. 6. 1991, p. 38.

(3) Opinion of the European Parliament of 11 March 1992 (OJ No C 94, 13. 4. 1992, p. 198), Council common position of 12 September 1996 (not yet published in the Official Journal) and Decision of the European Parliament of . . . (not yet published in the Official Journal).

(4) OJ No L 281, 23. 11. 1995, p. 31.

(5) OJ No C 257, 4. 10. 1988, p. 1.

(6) OJ No C 196, 1. 8. 1989, p. 4.

(1) OJ No L 109, 26. 4. 1983, p. 8. Directive as last amended by Directive 94/10/EC (OJ No L 100, 19. 4. 1994, p. 30).

(2) OJ No L 36, 7. 2. 1987, p. 31. Decision as last amended by the 1994 Act of Accession.

ANNEX

LIST OF DATA

For the purpose referred to in Article 6 (2) the following data may be processed:

Data containing the:

- number or identification of the subscriber station,

- address of the subscriber and the type of station,

- total number of units to be charged for the accounting period,

- called subscriber number,

- type, start time and duration of the calls made and/or the data volume transmitted,

- other information concerning payments such as advance payment, payments by instalments, disconnection and reminders.

STATEMENT OF THE COUNCIL'S REASONS

I. INTRODUCTION

On 27 July 1990 the Commission submitted a proposal for a Directive, based on Article 100a of the EC Treaty, concerning the protection of personal data and privacy in the context of digital telecommunications networks, in particular the integrated services digital network (ISDN) and public digital mobile networks.

The Economic and Social Committee delivered its opinion on 24 April 1991. The European Parliament delivered its opinion on 11 March 1992.

After re-examining its proposal in the light of those opinions, the Commission submitted an amended proposal to the European Parliament and the Council.

The Council adopted its common position in accordance with Article 189b of the Treaty on 12 September 1996.

II. AIM OF THE PROPOSAL

The proposal sets out to apply for the specific purposes of telecommunications networks the general data protection principles laid down by Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995. It is accordingly designed, in a constantly changing field, to prevent Member States' legislation from developing along different lines in ways that might jeopardize the single market in telecommunications services and terminal equipment, while ensuring a high level of protection of the rights of individuals, in particular their right to privacy.

III. ASSESSMENT OF THE COMMON POSITION

1. General comments The common position adopted by the Council provides confirmation of the approach followed by the Commission in its amended proposal and of the Commission's objectives, even though the Council has been prompted to make some changes to the detailed provisions of that proposal.

In making such amendments, the Council was generally concerned to:

- align the provisions of this Directive on those of the general Directive (particularly as regards the scope, Articles 1 and 14),

- ensure that they are consistent with the Community rules already adopted or in preparation in the telecommunications sector (e.g. the definitions in Article 2),

- clarify the scope of some provisions or make them more flexible.

2. Specific comments (i) With regard to the European Parliament's amendments, the Council took the following line:

- Amendment 96, first part (private networks and services) Article 3 of the common position stipulates that the Directive applies to publicly available telecommunications services provided in public telecommunications networks. However, that Article is to be construed as allowing a Member State to apply its provisions to non-public or non-publicly available networks and services, with the proviso that Directive 95/46/EC in any case applies to the processing of personal data in the context of such networks and services.

- Amendment 97 (development of technologies) The Council went along with the Commission, which did not include in its amended proposal the new recital 21 (a) proposed by the European Parliament.

- Amendments 96 second part (value-added services), 98 (special or exclusive rights), 107 and 108 (service-providers other than telecommunications organizations) These amendments could not be accepted as they were no longer consistent with the legal situation brought about by the new Community rules governing the telecommunications sector.

- Amendment 99

The definition of a telecommunications service given in this amendment has been included in Article 2 (d).

- Amendment 100 (directories of subscribers) The content of this amendment has mainly been included in Article 11 of the common position.

However, under that provision, the principle that the right to be omitted from the directory is applicable free of charge may be departed from, subject to certain conditions. Article 11 (2) stipulates that Member States may allow operators to require a payment from subscribers for exercising that right, provided that the sum involved is reasonable and does not act as a disincentive to the exercise of the right.

It should be noted that this paragraph is to be construed as reflecting the provision agreed on the same subject matter by the Council of Europe in its recommendation No R(95)4 of 7 February 1995.

- Amendment 101 (electronic profiles of subscribers) The Council took the same line as the Commission in not including Article 4 of the original proposal, to which the amendment related. However, it believes that the protection sought by the European Parliament is in any event ensured, in general terms by Directive 95/46/EC and in the specific case of traffic and billing data by Article 6 of the common position, in particular paragraph 3.

- Amendment 102 (protection of the contents of information transmitted) The Council took the same line as the Commission in not including Article 5 of the original proposal, to which the amendment related (see the following point for traffic and billing data).

- Amendments 103 and 104 (traffic and billing data) The points about which the European Parliament was concerned have been accommodated in the various paragraphs of Article 6 of the common position.

The provision put forward by the Commission in its amended proposal with regard to traffic data is included in Article 6 (1). (The Council has also followed the Commission in not including the provision corresponding to Article 10 (1) of the original proposal - the subject of amendment 103 - which is already taken into account in the general Directive).

The provisions on billing data (Article 9 of the original proposal, Article 5 of the amended proposal) have been included in Article 6 (2), with an exhaustive list of data which may be processed for the purpose of subscriber billing now being given in an annex to the Directive, in the interests of ensuring a high level of protection.

Under Article 14 (4) of the common position, that list, which is the same as the one proposed by the Commission and endorsed by the European Parliament, may only be technically specified by the Committee established by Article 31 of Directive 95/46/EC (see Article 14 (4)). This provision is to be construed as in no way allowing the substance of the Annex and of Article 6 to be changed, for example by adding or deleting categories of data, and as merely permitting the list of data to be particularized on account of changes in technology. Substantial amendments calling into question data protection may therefore be introduced only under the procedure laid down in Article 100a of the Treaty.

All data other than those listed in that Annex to the common position, moreover, should be regarded as having to be processed in accordance with the principles in Directive 95/46/EC, especially Article 16 of it.

Article 6 (4) of the common position contains provisions on restriction of access to traffic and billing data that accommodate the concern expressed by the European Parliament in amendment 103.

- Amendment 105 (automatic call-forwarding)

This amendment is to a large extent taken into account in Article 10 of the common position, which enjoins Member States to ensure that any subscriber is provided, free of charge and via a simple means, with the possibility to stop automatic call-forwarding by a third party to the subscriber's terminal.

- Amendment 106 (teleshopping service)

The provisions contained in Article 16 of the original proposal have been omitted from the common position, as the European Parliament wished.

(ii) The other main changes made in the common position are as follows:

- Article 3:

the Directive applies to services provided via digital and analogue networks. However, the provisions of Articles 8, 9 (presentation of line identification) and 10 (automatic call-forwarding) are applicable to subscriber lines connected to analogue exchanges only where technically possible and if this does not require a disproportionate economic effort (paragraphs 2 and 3).

- Article 4 (security)

This Article corresponds to Article 8 of the original proposal.

The Article is to be understood as follows:

- the provisions of paragraph 1 are designed to establish a level of processing security consistent with that advocated by Article 17 of Directive 95/46/EC,

- as regards the provisions of paragraph 2, where, in spite of the security measures taken, there is still a particular risk of a breach of the security of the network, the provider of a telecommunications service, where appropriate together with the provider of the public telecommunications network, is in addition required to inform individuals of that risk and of possible remedies.

- Article 5 (confidentiality of communications)

The provisions on confidentiality of communications (Article 12 of the Commission proposal) have been redrafted more concisely and placed at the start of the enacting terms, after the provisions on security, in order to highlight the importance to be attached to that principle.

- Article 7 (itemized billing)

The Council has opted for a wording which reconciles the right of subscribers to be able to check the correctness of their bills with the right to the protection of privacy; recital 16 also stipulates that Member States may, in order to protect users' privacy more effectively, opt to require the deletion of a number of digits from the called number mentioned in itemized bills.

- Article 8 (presentation of calling and connected line identification)

The provisions in the amended Commission proposal with regard to calling-line identification have been redrafted so as not to be dependent upon any particular technology or terminal equipment and provisions on the connected line identification service have also been added.

With specific reference to the possibility, under paragraph 3, of rejecting a call from a user who has eliminated the presentation of identification of his line, it should be noted that this provision does not prevent Member States from prohibiting government agencies, public utilities and emergency services from rejecting calls where the presentation of the calling-line identification has been eliminated by the calling user or subscriber.

- Article 12 (unsolicited calls)

The provisions of this Article have been redrafted so as to tally with Article 10 of the common position for the Directive on distance selling.

- Article 13 of the amended proposal (technical application and modification)

This Article has been deleted and technical adaptation is now confined to the Annex, under the procedure laid down in Article 31 of Directive 95/46/EC (see the comments above on Parliament's amendments 103 and 104).

- Article 14 (3) (working party on the protection of individuals)

The Council, supported by the Commission, considers that the working party, set up under Article 29 of Directive 95/46/EC, which also has a role to play in the implementation of this Directive, could for the purposes of the Directive usefully draw on the expertise of the national regulatory authorities for telecommunications by where appropriate inviting representatives of those authorities to its meetings as experts.

- Article 15 (implementation of the Directive)

For transposition of the Directive into national law in the Member States, the Council has opted for the same time limit as for the general Directive, with a deadline of 24 October 1998.