Data protection: At last published the revision of the “E-Privacy” Directive

By updating its regulatory framework for electronic communications networks and services the EU has notably amended the Directives 2002/22/EC (Universal Service Directive) and 2002/58/EC (Directive on privacy and electronic communications). The final text retain the EP amendments (**) which include:

– adaptation of universal service to market and technological developments, including allowing Member States to upgrade universal service obligations to broadband services;

– strengthened access to e-communications for disabled people, in particular via the inclusion of terminal equipment in the scope of the Directive; increased access to and choice of services for the disabled, strengthened right to emergency services in the EU;

– improved contract conditions and greater information to consumers on services, including increased comparability of prices and greater power to the National Regulatory Authorities (NRAs) on tariff information for consumers;

– information to users on the most common uses of e-communications services to engage in unlawful activities or to disseminate harmful content;

– strengthened provisions on access to emergency services, including inter alia a stronger obligation to pass caller location information to the emergency authorities, improved citizens awareness of  ‘112′ number; and introduction of comitology powers for the Commission on access to ‘112’ services;

– facilitating citizens’ access to services starting with “116” for certain services of social value such as reporting missing children, and implementing powers for the Commission to ensure the effective implementation of 116 numbering ranges;

– facilitation of change of provider, including a time limit for number activation after porting; reinforcement of NRAs’ powers to monitor and enforce porting; creation of comitology powers for the modernisation of porting obligations;

– measures to be taken by providers in order to safeguard the security of their services; 
obligation for providers of electronic communications services to notify security breaches affecting personal data to authorities and (in some cases) to subscribers or individuals concerned and introduction of implementing powers for the Commission on the modalities of breach notifications;

– strengthened provisions on protection against spyware and placing of cookies on users’ devices.