Commission takes second legal step against eight Member States for not adopting new privacy rules for digital networks and services

Electronic Communications: Commission takes second legal step against eight Member States for not adopting new privacy rules for digital networks and services, Brussels, 1 April 2004

The Commission has taken the second step in infringement proceedings against eight Member States for failing to notify it of measures transposing the Directive on Privacy and Electronic Communications (e-Privacy Directive) into their national laws. The Directive governs areas like "spam" e-mail and identifier "cookies". These proceedings were opened against nine Member States in November 2003 (see IP/03/1663), but Sweden has since notified the Commission of new spam legislation. The second stage in infringement proceedings involves sending reasoned opinions to Belgium, Germany, Greece, France, Luxembourg, the Netherlands, Portugal and Finland. They now have two months in which to respond and could face action before the European Court of Justice if they fail to comply.

Enterprise and Information Society Commissioner Erkki Liikanen said: "We are determined to keep up the pressure on those Member States that have yet to implement the legislation they signed up in 2002. This Directive is vital to ensure that privacy and data protection are assured in an on-line world. It shows effective action can be taken and enforced at a national level in the fight against spam. These rules set common conditions across the Union, so users know what to expect and industry and Member States know what they must do."

The Directive on Privacy and Electronic Communications (e-Privacy Directive), was adopted by the European Parliament and the Council in July 2002. It completes the new regulatory framework for electronic communications⁽¹⁾. It sets EU-wide rules for the protection of privacy and personal data in mobile and fixed communications, including the Internet. For instance, the Directive introduces a 'ban on spam' throughout the EU and sets rules for installing so-called "cookies" on users' personal computers (see IP/03/1492). The e-Privacy Directive is a key element in the new regulatory framework for electronic communications. It will strengthen consumer confidence in e-commerce and electronic services, which is a prerequisite for sustainable growth in the sector.

Regarding "spam", the legal obligations in this directive have been complemented by a series of actions to help enforce the EU "ban on spam", presented in a Communication adopted in January. These actions focus on effective enforcement by Member States, technical and self-regulatory solutions by industry, consumer awareness, and international co-operation (see IP/04/103)⁽²⁾.

The deadline for incorporating the directive into national law was 31 October 2003. However, only six Member States had taken all necessary measures to transpose it by that date and so infringement proceedings under Article 226 of the Treaty were opened against the remaining Member States: Belgium, Germany, Greece, France, Luxembourg, the Netherlands, Portugal, Finland and Sweden in November 2003.

Subsequently Sweden has notified its transposition measures for Article 13 of the Directive related to unsolicited communications and as a result the infringement proceeding against it has been closed.

The sending of Reasoned Opinions to the remaining Member States represents the second stage in the infringement proceedings. The Member States have two months to respond. The next step would be the referral to the European Court of Justice of those Member States which have still not complied with their notification requirements.

The importance of full, effective and timely implementation of the new regulatory framework for electronic communications has been stressed by the Commission several times, following its Communication "Electronic Communications: the Road to the Knowledge Economy"⁽³⁾. This view has been fully supported by the Council and the European Parliament.

Background Information

Directive 2002/58/EC on Privacy and Electronic Communications (e-Privacy Directive), adopted by Parliament and Council in July 2002, sets EU rules for the protection of privacy and personal data in electronic communications. It was to be incorporated into national law by 31 October 2003 at the latest. It replaced the previous 'Telecommunications' Data Protection Directive (Directive 97/66/EC).

The e-Privacy Directive includes provisions on security of networks and services, confidentiality of communications, access to information stored on terminal equipment, processing of traffic and location data, calling line identification, public subscriber directories and unsolicited commercial communications.

The Directive does not contain legally binding provisions either allowing or preventing national measures requiring the retention of traffic or location data for 'law enforcement' purposes.

This Directive is part of a new, broader package of regulation designed to stimulate more competitive markets based on converging electronic communications technologies. The directives adopted under Article 95 of the Treaty were required to be transposed into national law not later than 24 July 2003. The Commission is monitoring the transposition process closely, and has already opened infringement proceedings against those Member States which failed to meet the deadline for incorporating the Framework, Authorisation, Access and Universal Service Directives into their national law (see IP/03/1356 and IP/03/1750).

For background information on the new privacy and data protection rules:

http://europa.eu.int/information_society/topics/ecomm/all_about/todays_framework/privacy_protection/index_en.htm

Specific information on unsolicited commercial communications or 'spam' is available at:

http://europa.eu.int/information_society/topics/ecomm/highlights/current_spotlights/spam/index_en.htm

For information about the overall regulatory framework see:

http://europa.eu.int/information_society/topics/telecoms/regulatory/new_rf/index_en.htm

^{(1)
Directive 2002/58/EC, OJ L 201 of 31 July 2002, p. 37.}

^{(2)
Commissions Communication on unsolicited commercial communications or spam of
22.1.2004, COM(2004) 28.}

^{(3)
COM(2003) 65 of 11 February 2003.}