Directive Private Life And Electronic Communications Of July 12, 2002
LexInter | October 4, 2003 | 0 Comments

Directive Private Life And Electronic Communications Of July 12, 2002

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty establishing the European Community, and in particular Article 95 thereof,
Having regard to the proposal from the Commission (1),
Having regard to the opinion of the Economic and Social Committee (2),
After consulting the Committee of the Regions ,
Acting in accordance with the procedure referred to in Article 251 of the Treaty (3),
Whereas:
(1) Directive 95/46 / EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (4) requires that Member States protect the rights and freedoms of individuals with regard to the processing of personal data, and in particular the right to respect for their private life, in order to ensure the free movement of personal data in the Community.
(2) This Directive aims to respect fundamental rights and observes the principles recognized in particular by the Charter of Fundamental Rights of the European Union. In particular, it aims to guarantee full respect for the rights set out in Articles 7 and 8 of this charter.
(3) The confidentiality of communications is guaranteed in accordance with international human rights instruments, in particular the European Convention for the Protection of Human Rights and Fundamental Freedoms and the constitutions of the Member States.
(4) Directive 97/66 / EC of the European Parliament and of the Council of 15 December 1997 on the processing of personal data and the protection of privacy in the telecommunications sector (5) reflected the principles defined in the Directive 95/46 / EC in specific rules applicable to the telecommunications sector. Directive 97/66 / EC must be adapted to developments in the markets and technologies of electronic communications services in order to guarantee an equal level of protection of personal data and privacy for users of accessible electronic communications services. to the public, regardless of the technologies used. That Directive should therefore be repealed and replaced by this Directive.
(5) New advanced digital technologies which pose specific requirements for the protection of personal data and the privacy of users are being introduced into the public communications networks of the Community. The development of the information society is characterized by the introduction of new electronic communications services. Access to digital mobile networks has opened up to a wide audience, on affordable terms. These digital networks offer great capacities and wide possibilities for the processing of personal data. The success of the cross-border development of these services depends in part on the confidence that users will have that these services will not invade their privacy.
(6) The Internet is disrupting traditional business structures by providing a common global infrastructure for the provision of a variety of electronic communications services. Publicly available electronic communications services on the Internet open up new possibilities for users, but also present new dangers for their personal data and privacy.
(7) In the case of public communications networks, specific legislative, regulatory and technical provisions should be adopted in order to protect the fundamental rights and freedoms of natural persons and the legitimate interests of legal persons, in particular with regard to the increased capacity for automated storage and processing of subscriber and user data.
(8) The laws, regulations and technical provisions adopted by the Member States concerning the protection of personal data, privacy and the legitimate interests of legal persons in the electronic communications sector should be harmonized in order to to avoid creating obstacles to the internal electronic communications market in accordance with Article 14 of the Treaty. Harmonization should be limited to the requirements necessary to ensure that the promotion and development of new electronic communications services and networks between Member States are not hampered.
(9) Member States, suppliers and users concerned, as well as the competent Community institutions, should cooperate in the design and development of relevant technologies where this is necessary to implement the guarantees provided for in this Directive, taking into account take particular account of the objectives of minimizing the processing of personal data and of using anonymous or pseudonymous data where possible.
(10) In the electronic communications sector, Directive 95/46 / EC is applicable in particular to all aspects of the protection of fundamental rights and freedoms which do not expressly come within the scope of this Directive, including obligations to which the person responsible for processing personal data and individual rights are subject. Directive 95/46 / EC applies to non-public electronic communications services.
(11) Like Directive 95/46 / EC, this Directive does not deal with questions of the protection of fundamental rights and freedoms relating to activities which are not governed by Community law. It does not therefore alter the existing balance between the right of individuals to privacy and the possibility available to Member States to take measures such as those referred to in Article 15 (1) of this Directive, necessary to the protection of public safety, defense, state security (including the economic prosperity of the state when it comes to activities related to state security) and application of criminal law. Therefore, this Directive is without prejudice to the right of the Member States to carry out lawful interceptions of electronic communications or to take other measures if this proves necessary to achieve any of the aforementioned aims, while respecting the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the European Court of Human Rights in its judgments. These measures must be appropriate, strictly proportionate to the aim pursued and necessary in a democratic society. They should also be subject to appropriate guarantees, with due regard for the European Convention for the Protection of Human Rights and Fundamental Freedoms. adopt other measures if this proves necessary to achieve any of the aforementioned aims, with due regard for the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the European Court of Justice human rights in its judgments. These measures must be appropriate, strictly proportionate to the aim pursued and necessary in a democratic society. They should also be subject to appropriate guarantees, with due regard for the European Convention for the Protection of Human Rights and Fundamental Freedoms. adopt other measures if this proves necessary to achieve any of the aforementioned aims, with due regard for the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the European Court of Justice human rights in its judgments. These measures must be appropriate, strictly proportionate to the aim pursued and necessary in a democratic society. They should also be subject to appropriate guarantees, with due regard for the European Convention for the Protection of Human Rights and Fundamental Freedoms. as interpreted by the European Court of Human Rights in its judgments. These measures must be appropriate, strictly proportionate to the aim pursued and necessary in a democratic society. They should also be subject to appropriate guarantees, with due regard for the European Convention for the Protection of Human Rights and Fundamental Freedoms. as interpreted by the European Court of Human Rights in its judgments. These measures must be appropriate, strictly proportionate to the aim pursued and necessary in a democratic society. They should also be subject to appropriate guarantees, with due regard for the European Convention for the Protection of Human Rights and Fundamental Freedoms.
(12) Subscribers to a publicly available electronic communications service may be natural or legal persons. By supplementing Directive 95/46 / EC, this Directive aims to protect the fundamental rights of natural persons and in particular the right to respect for their private life, as well as the legitimate interests of legal persons. This Directive does not include any obligation for the Member States to extend the application of Directive 95/46 / EC to the protection of the legitimate interests of legal persons, which is guaranteed under the Community and national legislation in force.
(13) The contractual relationship between a subscriber and a service provider may provide for a periodic payment or a one-off payment for the service provided or to be provided. Prepayment cards are also considered a contract.
(14) By “location data” we can mean the latitude, longitude and altitude of the location of the user’s terminal equipment, the direction of movement, the degree of accuracy in the information on the location. location, the identification of the cell of the network where the terminal equipment is located at a given time, or even the time at which the location information was recorded.
(15) A communication may include any information consisting of a name, number or address, supplied by the person making the communication or the person using a connection to effect the communication. Traffic data may include any translation of such information performed by the network through which the communication is transmitted in order to effect the transmission. Data relating to traffic may, among other things, include data relating to the routing, duration, time or volume of a communication, the reference protocol, the location of the terminal equipment of the sender or recipient, the start or end network of the communication, or the start, end or duration of a connection.
(16) Information which forms part of a broadcasting service provided over a public communications network is intended for a virtually unlimited number of listeners and / or viewers and does not constitute a communication within the meaning of this directive. On the other hand, when it is possible to identify the subscriber or individual user who receives this information, as, for example, in the case of the provision of video-on-demand services, the information conveyed falls within the definition of “communication” within the meaning of this Directive.
(17) For the purposes of this Directive, the consent of a user or subscriber, whether the latter is a natural or legal person, should have the same meaning as the consent of the data subject as defined and further specified. by Directive 95/46 / EC. Consent can be given in any appropriate way allowing the user to indicate his wishes freely, in a specific and informed manner, including by checking a box when visiting a website.
(18) Value-added services may, for example, include advice on the most advantageous price packages or route guidance, information on traffic conditions, weather forecasts or tourist information.
(19) The application of certain requirements relating to the presentation and restriction of calling and connected line identification and automatic call forwarding to subscriber lines connected to analogue exchanges should not be made compulsory. in specific cases where such an application would prove technically impossible or would require a disproportionate economic effort. It is important that interested parties are informed of these cases and Member States should therefore communicate them to the Commission.
(20) Service providers should take appropriate measures to ensure the security of their services, where appropriate jointly with the network provider, and inform subscribers of the particular risks associated with a breach of network security. Such risks may in particular affect electronic communications services provided through an open network such as the Internet or analogue mobile telephony. It is particularly important that the subscribers and users of these services are fully informed by their service provider of the existing security risks against which the latter has no means of action. Service providers who offer publicly available electronic communications services over the Internet should inform users and subscribers of the steps they can take to secure their communications, for example by using specific types of software or encryption techniques. The obligation imposed on a service provider to inform subscribers of certain security risks does not exempt it from immediately taking the appropriate measures to remedy any new unforeseeable security risk and restore the normal level of security. security of the service, the costs being its sole responsibility. Subscriber information on security risks should be free of charge, except for the nominal charge that a subscriber may be made to support when receiving or collecting information, for example by downloading a message received by e-mail. Safety is assessed with regard to Article 17 of Directive 95/46 / EC.
(21) Measures should be taken to prevent unauthorized access to communications in order to protect the confidentiality of communications made by means of public communications networks and publicly available electronic communications services, including their content and any data relating to these communications. The national legislation of some Member States only prohibits intentional unauthorized access to communications.
(22) The prohibition on the storage of communications and related traffic data by persons other than users or without their consent is not intended to prohibit any automatic, intermediate and transitory storage of such information if this storage takes place for the sole purpose of effecting transmission in the electronic communications network, provided that the information is not stored for a period longer than the time necessary for transmission and traffic management and that during the storage period the confidentiality of information remains guaranteed. To the extent required for the more efficient transmission of publicly available information to other recipients of the service at their request,
(23) Confidentiality of communications should also be ensured in lawful commercial transactions. If necessary and subject to legal authorization, communications may be recorded to serve as proof of a business transaction. Directive 95/46 / EC is applicable in such a case. Parties to communications should be informed of the recording before it takes place, the reason (s) for which the communication is being recorded, and how long the recording is stored. The recorded communication should be erased as soon as possible and, in any event, upon expiration of the statutory period of appeal against the transaction.
(24) The user’s terminal equipment of an electronic communications network as well as any information stored on this equipment is a matter of the user’s privacy, which must be protected under the European Convention for the Protection of Rights. of man and fundamental freedoms. However, spyware, invisible pixels (web bugs), hidden identifiers and other similar devices can enter the user’s terminal without his knowledge in order to be able to access information, store hidden information or track activities. of the user, and may seriously infringe the user’s privacy. The use of such devices should only be permitted for legitimate purposes, and with the knowledge of the
(25) However, devices of this type, for example, cookies, can constitute a legitimate and useful tool, for example to evaluate the effectiveness of the design of a site and the advertising made for it. site, as well as to control the identity of users carrying out online transactions. Where devices of the aforementioned type, such as cookies, are intended for legitimate purposes, for example to facilitate the provision of information society services, their use should be permitted provided that users are given instructions. clear and precise information, in accordance with Directive 95/46 / EC, on the purpose of cookies or similar devices so as to be aware of the information placed on the terminal equipment they use. Users should be able to opt out of a cookie or similar device being placed on their terminal equipment. This point is particularly important for cases where users other than the original user have access to the terminal equipment and therefore to the sensitive data of a private nature stored there. Information relating to the use of several devices to be installed on the user’s terminal equipment as well as the right to refuse these devices may be offered all at once during the same connection, and also cover the future use that could be made from these devices during subsequent connections. The methods used to communicate information, offering a right of refusal or asking for consent should be as user-friendly as possible. Access to the content of a specific site may, however, be subject to knowingly accepting the installation of a cookie or similar device, if this is used. for legitimate purposes.
(26) Data relating to subscribers which are processed in electronic communications networks to establish connections and transmit information contain information on the private life of natural persons and affect the right to secrecy of their correspondence as well as legitimate interests legal persons. This data can only be stored insofar as this is necessary for the provision of the service, for the purposes of invoicing and payments for interconnection, and for a limited period of time. Any other processing of such data that the provider of the publicly available electronic communications service may wish to carry out for the marketing of electronic communications services or for the provision of value-added services can only be authorized if the subscriber has given his agreement on the basis of precise and complete information provided by the provider of the publicly available electronic communications service on the nature of the other processing operations he intends to carry out, as well as on the subscriber’s right to not to give consent to these treatments or to withdraw consent. Traffic data used for the marketing of communications services or for the provision of value-added services, where the services in question have been provided, should also be erased or made anonymous. Service providers should always keep their subscribers informed of the types of data they process, the purposes of such processing and its duration. precise and complete information provided by the provider of the electronic communications service accessible to the public on the nature of the other processing operations that it intends to carry out, as well as on the subscriber’s right not to give his consent to such processing or to withdraw consent. Traffic data used for the marketing of communications services or for the provision of value-added services, where the services in question have been provided, should also be erased or made anonymous. Service providers should always keep their subscribers informed of the types of data they process, the purposes of such processing and its duration. precise and complete information provided by the provider of the electronic communications service accessible to the public on the nature of the other processing operations that it intends to carry out, as well as on the subscriber’s right not to give his consent to such processing or to withdraw consent. Traffic data used for the marketing of communications services or for the provision of value-added services, where the services in question have been provided, should also be erased or made anonymous. Service providers should always keep their subscribers informed of the types of data they process, the purposes of such processing and its duration.
(27) The exact point at which the transmission of a communication ends, after which traffic data must be erased except for billing purposes, may depend on the type of electronic communications service provided. Thus, in the case of a call by voice telephony, the transmission stops as soon as one or the other of the users interrupts the connection and, in the case of an electronic mail, the transmission ends as soon as the recipient recovers the message, usually from its service provider’s server.
(28) The obligation to erase or anonymize traffic data when it is no longer necessary for the purpose of transmitting a communication is not inconsistent with the procedures used on the Internet, such as that of caching, in the domain name system, for IP addresses or for the links between an IP address and a physical address, or the use of information relating to the connection to control the right access to networks or services.
(29) If necessary, and on a case-by-case basis, the provider of a service may process traffic data relating to subscribers or users in order to detect a technical failure or an error in the transmission of data. communications. Traffic data required for billing may also be processed by the service provider if it is a question of detecting and putting an end to fraudulent practices consisting in using the electronic communications service without paying for it.
(30) The systems developed for the provision of electronic communications networks and services should be designed in such a way as to keep to an absolute minimum the amount of personal data required. Any activity which is part of the provision of an electronic communications service and which goes beyond the simple transmission of a communication or its invoicing should be based on aggregated traffic data which cannot be not be assigned to individual subscribers or users. If this activity cannot be based on aggregated data, it should be regarded as a value-added service, for which the consent of the subscriber is necessary.
(31) The question of whether it is from the user or the subscriber who should obtain the consent in order to be able to process personal data with a view to providing a given value-added service will depend on the data to be processed and the type of service to be provided but also whether or not it is possible, at technical, procedural and contractual levels, to distinguish the individual who uses an electronic communications service from the person, natural or legal, who is there is subscribed.
(32) When the provider of an electronic communications service or of a value-added service subcontracts the processing of personal data necessary for the provision of said services, this subcontracting and the processing of the data resulting therefrom ensues should fully comply with the requirements of Directive 95/46 / EC as regards those responsible for the control and processing of personal data. When, to enable the provision of a value-added service, traffic or location data is transmitted by an electronic communications service provider to a value-added service provider,
(33) The introduction of itemized invoices has improved the possibilities offered to the subscriber to verify the accuracy of the amounts invoiced by the service provider, but at the same time it risks compromising the privacy of users of publicly available electronic communications services. . Therefore, in order to protect the privacy of users, Member States should encourage the development, in the field of electronic communications services, of options such as new payment formulas allowing access on an anonymous or strictly private basis. publicly available electronic communications services, such as calling cards and credit card payment facilities. For the same purposes,
(34) It is necessary, with respect to calling line identification, to protect the right of the caller to prevent the presentation of the line identification from which the caller is The call is made, as well as the right of the called party to reject calls from unidentified lines. In specific cases, it is justified to prevent the presentation of the calling line identification from being suppressed. Some subscribers, especially hotlines and other similar organizations, have an interest in ensuring the anonymity of those who call them. It is necessary, with regard to the identification of the connected line, to protect the right and the legitimate interest of the called party to prevent the presentation of the identification of the line to which the originator of the call is actually connected, in particular in the case of diverted calls. Providers of publicly available electronic communications services should inform their subscribers of the existence, on the network, of calling and connected line identification, as well as of all services offered on the basis of the identification of calls. calling and connected lines and the possibilities offered in terms of privacy protection. This will allow subscribers to make an informed choice, among the possibilities offered to them in terms of privacy protection, those which they would like to make use of.
(35) In mobile communications networks, location data indicating the geographic position of the mobile user’s terminal equipment is processed to enable communications to be transmitted. These data are traffic data covered by Article 6 of this Directive. However, digital mobile networks may also have the capacity to process location data which is more precise than required for the transmission of communications and which is used for the provision of value-added services such as personalized information services. on traffic and driver guidance. The processing of such data for the provision of value-added services should only be permitted when subscribers have given their consent. Even so, subscribers should have an easy way to temporarily prohibit the processing of location data for free.
(36) Member States may provide for a limitation of the user’s or subscriber’s right to privacy with regard to calling line identification where this is necessary to determine the origin of malicious calls and in with regard to the identification and location data of the calling line when necessary to enable emergency services to intervene as effectively as possible. For these purposes, Member States may adopt specific measures allowing providers of electronic communications services to make calling line identification and location data available without the prior consent of the user or subscriber concerned. .
(37) It is important to protect subscribers against any inconvenience caused to them by automatic call forwarding by other persons. In addition, in such a case, subscribers must be able to stop the transfer of calls forwarded to their terminals on simple request addressed to the provider of the publicly available electronic communications service.
(38) Directories of subscribers to electronic communications services are widely distributed and public. To protect the privacy of natural persons and the legitimate interest of legal persons, it is important for the subscriber to be able to determine whether the personal data concerning him should be published in a directory and, if so, which of these data must be made public. The providers of public directories should inform the subscribers who will appear in such directories of the purposes for which they are established and of any particular use that may be made of the electronic versions of the public directories, in particular through the search functions integrated into the directory. software,
(39) The party who collects personal data from subscribers should be responsible for informing them of the purposes for which public directories containing personal data concerning them are established. If these data can be transmitted to one or more third parties, the subscriber should be informed of this possibility as well as of the possible recipients or categories of recipients. Such transmission should only be possible if it is guaranteed that the data cannot be used for purposes other than those for which they were collected. If the party who collected this data from the subscriber or any third party to whom it was transmitted wishes to use it for other purposes,
(40) It is important to protect subscribers against any invasion of their privacy through unsolicited communications made for direct marketing purposes, in particular by means of automated calling machines, faxes and electronic mail, including short messages (SMS). While these forms of unsolicited commercial communications may be relatively easy and inexpensive to send, they may impose a burden and / or cost on the recipient. In addition, in some cases, their volume can pose a problem for electronic communications networks and terminal equipment. With regard to these forms of unsolicited communications made for the purpose of direct marketing, it is justified to require the sender to he has obtained the recipient’s prior consent before sending them to him. The single market requires a harmonized approach in this regard so that both businesses and users have simple rules that apply at Community level.
(41) In the context of an existing customer-supplier relationship, it is reasonable to authorize the company which, in accordance with Directive 95/46 / EC, has obtained the electronic contact details, and exclusively this company, to operate these electronic contact details to offer the customer similar products or services. When electronic contact details are collected, the customer should be clearly and distinctly informed about their subsequent use for direct prospecting purposes and be given the option to oppose this use. This possibility should continue to be offered for each subsequent direct prospecting message, free of charge, apart from the costs linked to the transmission of the refusal.
(42) There are other forms of direct marketing which are more onerous for the sender and do not impose any financial burden on the subscriber or user, such as personal telephone calls, and which could justify the establishment of a system allowing subscribers and users to indicate that they do not wish to receive such calls. In order not to lower existing levels of privacy protection, Member States should nevertheless be allowed to maintain national systems in force and only allow calls to subscribers or users who have given their consent. prior.
(43) In order to facilitate the effective implementation of the Community rules relating to unsolicited direct marketing messages, it is important to prohibit the sending of unsolicited messages for direct marketing purposes under a false identity, a false address of answer or wrong number.
(44) Some electronic messaging systems allow subscribers to view the name of the sender and subject of an electronic message, as well as to erase the message without having to download the rest of the contents of that message or any other message. attachment, which reduces the costs that could be incurred by downloading an unsolicited e-mail or one of its attachments. In some cases, such modalities may continue to prove useful as a complementary tool to the general requirements set out in this Directive.
(45) This Directive is without prejudice to the provisions which Member States take to protect the legitimate interests of legal persons with regard to unsolicited communications for the purpose of direct marketing. When Member States establish an opt-out register for the communications in question addressed to legal persons, mainly professional users, the provisions of Article 7 of Directive 2000/31 / EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, and in particular electronic commerce, in the internal market (Directive on electronic commerce) (6) fully apply.
(46) The functionalities enabling the provision of electronic communications services may be integrated into the network or into any part of the user’s terminal equipment, including software. The protection of personal data and the privacy of the user of publicly available electronic communications services should be independent of the configuration of the various elements necessary for the provision of the service and of the distribution of the required functionalities among those elements. Directive 95/46 / EC applies to all forms of processing of personal data, regardless of the technology used. The existence of specific rules for electronic communications services alongside general rules applying to the other elements necessary for the provision of these services may not facilitate the protection of personal data and privacy in a technologically neutral manner. It may, therefore, be necessary to adopt measures requiring manufacturers of certain types of equipment used for electronic communications services to incorporate safeguards into their products in order to ensure the protection of personal data and data. privacy of users and subscribers. The adoption of such measures in accordance with Directive 1999/5 / EC of the European Parliament and of the Council of 9 March 1999 on radio equipment and telecommunications terminal equipment and the mutual recognition of their conformity (7) will ensure that the
(47) Where the rights of users and subscribers are not respected, national law should provide for judicial remedies. Sanctions should be imposed on any person, whether governed by private or public law, who does not comply with national measures taken under this Directive.
(48) It is useful, within the scope of this Directive, to draw on the experience acquired by the group for the protection of individuals with regard to the processing of personal data, composed of representatives of the authorities designated by each Member State, established by Article 29 of Directive 95/46 / EC.
(49) In order to facilitate compliance with this Directive, certain specific provisions are necessary for the processing of data in progress on the date of entry into force of the national provisions transposing this Directive into the national law of the Member States,
HAVE ADOPTED THIS DIRECTIVE:

Article 1
Scope and objective
1. This Directive harmonizes the provisions of the Member States necessary to ensure an equivalent level of protection of fundamental rights and freedoms, and in particular of the right to privacy, as regards the processing of personal data in the sector of electronic communications, as well as the free movement of such data and of electronic communications equipment and services within the Community.
2. The provisions of this Directive specify and supplement Directive 95/46 / EC for the purposes set out in paragraph 1. In addition, they provide for the protection of the legitimate interests of subscribers who are legal persons.
3. This Directive does not apply to activities which are not covered by the Treaty establishing the European Community, such as those referred to in Titles V and VI of the Treaty on European Union, and, in any event, to activities relating to public security, defense, state security (including the economic prosperity of the state when it comes to activities related to state security) or state activities in areas of criminal law.

Article 2
Definitions
Unless otherwise provided, the definitions contained in Directive 95/46 / EC and in Directive 2002/21 / EC of the European Parliament and of the Council of 7 March 2002 on a common regulatory framework for electronic communications networks and services ( Framework Directive) (8) apply for the purposes of this Directive.
The following definitions also apply:
a) “user”: any natural person using a publicly available electronic communications service for private or professional purposes without necessarily having subscribed to this service;
b) “traffic data”: all data processed for the purpose of routing a communication over an electronic communications network or for billing it;
(c) “location data” means all data processed in an electronic communications network indicating the geographical position of the terminal equipment of a user of a publicly available electronic communications service;
d) “communication”: any information exchanged or conveyed between a finite number of parties by means of an electronic communications service accessible to the public. This does not include information which is conveyed as part of a broadcasting service to the public through an electronic communications network, except to the extent that a link can be established between the information and the subscriber. or identifiable user who receives it;
(e) “call” means a connection established by means of a publicly available telephone service allowing two-way communication in real time;
(f) “consent” of a user or subscriber corresponds to the “consent of the data subject” in Directive 95/46 / EC;
(g) “value-added service”: any service which requires the processing of data relating to traffic or location, excluding data which is not essential for the transmission of a communication or its invoicing;
h) “electronic mail”: any message in the form of text, voice, sound or image sent over a public communications network which may be stored in the network or in the

Article 3
Services concerned
1. This Directive shall apply to the processing of personal data in the framework of the provision of electronic communications services accessible to the public on public communications networks in the Community.
2. Articles 8, 10 and 11 apply to subscriber lines connected to digital exchanges and, where technically possible and does not require a disproportionate economic effort, to subscriber lines connected to analogue exchanges.
3. Where it is technically impossible to comply with the requirements of Articles 8, 10 and 11 or where this requires a disproportionate economic effort, Member States shall inform the Commission thereof.

Article 4
Security
1. The provider of a publicly available electronic communications service shall take appropriate technical and organizational measures to ensure the security of its services, where applicable jointly with the provider of the public communications network with regard to the network security. Taking into account the most recent technical possibilities and the cost of their implementation, these measures guarantee a degree of security suited to the existing risk.
2. When there is a particular risk of breach of network security, the provider of a publicly available electronic communications service shall inform subscribers of this risk and, if the measures that the provider of the service can take do not allow to set it aside, from any possible means of remedying it, including indicating its probable cost.

Article 5
Confidentiality of communications
1. Member States shall ensure, by national law, the confidentiality of communications made by means of a public communications network and publicly available electronic communications services, and the confidentiality of traffic data relating thereto. In particular, they prohibit any person other than users from listening to, intercepting, storing communications and related traffic data, or subjecting them to any other means of interception or surveillance, without the consent of the users concerned except where this person is legally authorized to do so, in accordance with Article 15, paragraph 1. This paragraph does not prevent the technical storage necessary for the routing of a communication,
2. Paragraph 1 shall not affect the legally authorized recording of communications and related traffic data, when carried out within the framework of lawful professional uses, in order to provide proof of a commercial transaction or of any other commercial communication.
3. Member States shall ensure that the use of electronic communications networks for the purpose of storing information or accessing information stored in the terminal equipment of a subscriber or user is only permitted on condition that the subscriber or user is provided, in compliance with Directive 95/46 / EC, with clear and complete information, inter alia on the purposes of the processing, and that the subscriber or user has the right to refuse such processing by the data controller. This provision does not preclude storage or technical access aimed exclusively at carrying out or facilitating the transmission of a communication by way of an electronic communications network,

Article 6
Traffic
data 1. Traffic data concerning subscribers and users processed and stored by the provider of a public communications network or of a publicly available electronic communications service shall be erased or made anonymous when ‘they are no longer necessary for the transmission of a communication without prejudice to paragraphs 2, 3 and 5 of this article as well as to article 15, paragraph 1.
2. Traffic data which is necessary to establish subscriber bills and interconnection payments may be processed. Such processing is only permitted until the end of the period during which the invoice can be legally contested or proceedings instituted to obtain payment thereof.
3. In order to market its electronic communications services or to provide value-added services, the provider of a publicly available electronic communications service may process the data referred to in paragraph 1 to the extent and for the duration necessary for the provision or to the marketing of these services, provided that the subscriber or user concerned by these data has given his consent. Users or subscribers have the option of withdrawing their consent for the processing of traffic data at any time.
4. The service provider must inform the subscriber or user of the types of traffic data that are processed as well as the duration of such processing for the purposes referred to in paragraph 2 and, before obtaining their consent, for the purposes referred to in paragraph 3.
5. The processing of traffic data carried out in accordance with the provisions of paragraphs 1, 2, 3 and 4 must be restricted to persons acting under the authority of providers of public communications networks and of publicly available electronic communications services which are responsible for billing or traffic management, responding to customer inquiries, detecting fraud and marketing electronic communications services or providing a value-added service; this processing should be limited to what is necessary for such activities.
6. Paragraphs 1, 2, 3 and 5 apply without prejudice to the possibility for the competent bodies to have traffic data communicated to each other in accordance with the legislation in force for the purpose of settling disputes, in particular in interconnection or billing matters.

Article 7
Itemized invoicing
1. Subscribers have the right to receive non-itemized invoices.
2. Member States shall apply national provisions in order to reconcile the rights of subscribers receiving detailed invoices with the right to privacy of calling users and called subscribers, for example by ensuring that said users and subscribers have additional arrangements sufficient to enhance privacy for communications or payments.

Article 8
Presentation and restriction of the identification of the calling line and the connected line
1. In cases where calling line identification presentation is offered, the service provider shall offer the calling user, by a simple and free means, the possibility of preventing the presentation of the calling line identification. the calling line, on a call-by-call basis. The calling subscriber must have this possibility for each line.
2. In cases where calling line identification presentation is offered, the service provider must offer the called subscriber, by a simple means and free of charge for a reasonable use of this function, the possibility of preventing the presentation of the calling line identification for incoming calls.
3. In cases where calling line identification presentation is offered and calling line identification is presented before the call is set up, the service provider shall offer the called subscriber, by a simple means, the possibility of refusing incoming calls when the user or the calling subscriber has prevented the presentation of the calling line identification.
4. In cases where the presentation of the connected line identification is offered, the service provider must offer the called subscriber, by a simple and free means, the possibility of preventing the presentation of the identification of the connected line. the line connected to the calling user.
5. Paragraph 1 shall also apply to calls originating in the Community to third countries. Paragraphs 2, 3 and 4 also apply to incoming calls from third countries.
6. Member States shall ensure that, in cases where calling line identification presentation and / or connected line identification is offered, providers of publicly available electronic communications services inform the public of this situation. , as well as the possibilities provided for in paragraphs 1, 2, 3 and 4.

Article 9
Location data other than traffic data
1. Where location data, other than traffic data, relating to users or subscribers of public communications networks or publicly available electronic communications services or subscribers to such networks or services, may be processed, they shall not be processed. will only be made anonymous or with the consent of users or subscribers, to the extent and for the duration necessary for the provision of a value-added service. The service provider must inform users or subscribers, before obtaining their consent, of the type of location data other than traffic data that will be processed, the purposes and duration of this processing, and whether or not the data will be transmitted to a third party for the provision of the value-added service. Users or subscribers have the option to withdraw their consent for the processing of location data other than traffic data at any time.
2. When users or subscribers have given their consent to the processing of location data other than traffic data, they must retain the possibility of temporarily prohibiting, by a simple and free means, the processing of such data for each connection to the network or for each communication transmission.
3. The processing of location data other than data relating to traffic carried out in accordance with paragraphs 1 and 2 must be restricted to persons acting under the authority of the provider of the public communications network or publicly available electronic communications service or of the third party. which provides the value-added service, and must be limited to what is necessary to ensure the provision of the value-added service.

Article 10
Exceptions
Member States shall ensure that transparent procedures governing the way in which a provider of a public communications network or electronic communications service service may override:
a) the elimination of the presentation the identification of the calling line, on a temporary basis, when a subscriber requests the identification of malicious or disturbing calls; in this case, in accordance with domestic law, the data allowing the identification of the calling subscriber will be kept and made available by the provider of a public communications network and / or an electronic communications service accessible to the public;
b) the removal of the presentation of the calling line identification and the temporary prohibition or lack of consent of a subscriber or user with regard to the processing of location data, line by line, for bodies responsible for handling emergency calls and recognized as such by a Member State, including police services, ambulance services and firefighters, for the purpose of responding to such calls.

Article 11
Automatic call
forwarding Member States shall ensure that any subscriber has the possibility, by a simple and free means, of putting an end to the automatic forwarding of calls by a third party to his terminal.

Article 12
Subscriber directories
1. Member States shall ensure that subscribers are informed free of charge and before being registered therein of the purposes for which printed or electronic directories of subscribers accessible to the public or searchable through directory inquiry services are established, in which personal data concerning them may be included, as well as any other possibility of use based on search functions integrated in the electronic versions of the directories.
2. Member States shall ensure that subscribers have the possibility to decide whether personal data concerning them, and which of these data, should be included in a public directory, to the extent that such data is relevant to the according to the directory in question as established by the directory provider. They also ensure that subscribers can verify, correct or delete this data. The non-registration in a public directory of subscribers, the verification, the correction or the deletion of personal data in such a directory is free.
3. Member States may request that the consent of subscribers is also required for any purpose of a public directory other than the simple search for the contact details of a person on the basis of his name and, if necessary, of a limited number of persons. ‘other parameters.
4. Paragraphs 1 and 2 apply to subscribers who are natural persons. Member States shall also ensure, within the framework of Community law and applicable national laws, that the legitimate interests of subscribers other than natural persons are sufficiently protected with regard to their listing in public directories.

Article 13
Unsolicited communications
1. The use of automated call systems without human intervention (automatic calling machines), fax machines or e-mail for direct marketing purposes may only be authorized if it targets subscribers who have given their prior consent.
2. Notwithstanding paragraph 1, where, in compliance with Directive 95/46 / EC, a natural or legal person has, in the context of a sale of a product or a service, obtained directly from its customers their electronic contact details for an e-mail, said natural or legal person may use these electronic contact details for direct prospecting purposes for similar products or services that they themselves provide provided that said customers are clearly and expressly given the right to object, free of charge and in a simple manner, to such use of electronic contact details when they are collected and during each message, in the event that they have not refused from the outset such use.
3. Member States shall take the appropriate measures to ensure that, at no cost to the subscriber, unsolicited communications by the latter and made for the purpose of direct marketing, in cases other than those referred to in paragraphs 1 and 2 are not not authorized, either without the consent of the subscribers concerned, or with regard to subscribers who do not wish to receive these communications, the choice between these two solutions being governed by national law.
4. In all cases, it is forbidden to send electronic messages for the purposes of direct prospecting by camouflaging or concealing the identity of the sender in whose name the communication is made, or without indicating to.
5. Paragraphs 1 and 3 apply to subscribers who are natural persons. Member States shall also ensure, within the framework of Community law and applicable national laws, that the legitimate interests of subscribers other than natural persons are sufficiently protected with regard to unsolicited communications.

Article 14
Technical characteristics and standardization
1. When implementing the provisions of this Directive, Member States shall, subject to paragraphs 2 and 3, ensure that no requirements relating to specific technical characteristics are imposed on terminals or other electronic communications equipment if it risks hindering the placing on the market of equipment and the free movement of such equipment within and between Member States.
2. Where the provisions of this Directive can only be implemented by imposing specific technical characteristics on electronic communications networks, Member States shall inform the Commission thereof, in accordance with the procedures provided for in Directive 98/34 / EC of European Parliament and of the Council of 22 June 1998 providing for an information procedure in the field of technical standards and regulations and rules relating to information society services (9).
3. If necessary, measures may be adopted to ensure that terminal equipment is constructed in a manner compatible with the rights of users to protect and control the use of their personal data, in accordance with Directive 1999/5 / EC and Council Decision 87/95 / EEC of 22 December 1986 on standardization in the field of information technology and telecommunications (10).

Article 15
Application of certain provisions of Directive 95/46 / EC
1. Member States may adopt legislative measures aimed at limiting the scope of the rights and obligations provided for in Articles 5 and 6, in Article 8 (1), 2, 3 and 4, and in Article 9 of the this Directive where such a limitation constitutes a necessary, appropriate and proportionate measure, in a democratic society, to safeguard national security – i.e. state security – defense and public safety , or ensure the prevention, investigation, detection and prosecution of criminal offenses or unauthorized use of the electronic communications system, as provided for in Article 13 (1) of Directive 95/46 / EC. To this end, Member States may, inter alia, adopt legislative measures providing for the retention of data for a limited period when this is justified by one of the reasons set out in this paragraph. All the measures referred to in this paragraph shall be taken in compliance with the general principles of Community law, including those referred to in Article 6 (1) and (2) of the Treaty on European Union.
2. The provisions of Chapter III of Directive 95/46 / EC relating to judicial remedies, liability and penalties shall apply to national provisions adopted pursuant to this Directive as well as to individual rights resulting from this Directive.
3. The group for the protection of individuals with regard to the processing of personal data, set up by Article 29 of Directive 95/46 / EC, also fulfills the tasks referred to in Article 30 of that Directive in this regard. which concerns the matters covered by this Directive, namely the protection of fundamental rights and freedoms and of legitimate interests in the electronic communications sector.


Article 16
Transitional provisions
1. Article 12 shall not apply to editions of directories which have already been established or marketed in paper version or in offline electronic version before the entry into force of the national provisions adopted pursuant to this Directive.
2. If the personal data concerning subscribers to public fixed or mobile voice telephony services have been inserted in a public directory of subscribers in accordance with the provisions of Directive 95/46 / EC and Article 11 of the Directive 97/66 / EC before the provisions of national law adopted by the Member States to comply with this Directive have entered into force, the personal data of said subscribers may continue to appear in this public directory in its paper version or electronic, including versions with reverse lookup functions, unless said subscribers, after having been fully informed of their rights and of the purposes for which the directory is established, in accordance with Article 12 of this Directive, oppose it.


Article 17
Transposition
1. Member States shall bring into force before 31 October 2003 the provisions necessary to comply with this Directive. They shall immediately inform the Commission thereof.
When Member States adopt these provisions, they shall contain a reference to this Directive or shall be accompanied by such reference on the occasion of their official publication. The modalities of this reference are decided by the Member States.
2. Member States shall communicate to the Commission the text of the provisions of national law which they adopt in the field governed by this Directive, and of any subsequent amendment to those provisions.

Article 18
Review
No later than three years after the date referred to in Article 17 (1), the Commission shall submit to the European Parliament and to the Council a report on the application of this Directive and on its impact on economic operators and consumers, in particular with regard to the provisions relating to unsolicited communications, taking into account the international environment. To this end, the Commission may request information from Member States, which must be provided without undue delay. Where appropriate, the Commission shall submit proposals for amending this Directive, taking into account the conclusions of the above-mentioned report, any change in the sector as well as any other proposal it may deem necessary in order to improve the

Article 19
Repeal
Directive 97/66 / EC is repealed with effect from the date referred to in Article 17 (1)
. References made to the repealed Directive shall be understood as being made to this Directive.

Article 20
Entry into force
This Directive shall enter into force on the day of its publication in the Official Journal of the European Communities.

Article 21
Addressees
This Directive is addressed to the Member States.

Done at Brussels, 12 July 2002.

For the European Parliament
The President
P. Cox

For the Council
The President
T. Pedersen

(1) OJ C 365 E, 19.12.2000, p. 223.
(2) OJ C 123, 25.4.2001, p. 53.
(3) Opinion of the European Parliament of 13 November 2001 (not yet published in the Official Journal), Council common position of 28 January 2002 (OJ C 113 E, 14.5.2002, p. 39) and decision of the European Parliament of May 30, 2002 (not yet published in the Official Journal). Council Decision of 25 June 2002.
(4) OJ L 281, 23.11.1995, p. 31.
(5) OJ L 24, 30.1.1998, p. 1.
(6) OJ L 178, 17.7.2000, p. 1.
(7) OJ L 91, 7.4.1999, p. 10.
(8) OJ L 108, 24.4.2002, p. 33.
(9) OJ L 204, 21.7.1998, p. 37. Directive amended by Directive 98/48 / EC (OJ L 217, 5.8.1998, p. 18).
(10) OJ L 36, 7.2.1987, p. 31. Decision as last amended by the 1994 Act of Accession.

Leave a Comment

Your email address will not be published.


CAPTCHA Image
Reload Image