Ta spletna stran uporablja piškotke za upravljanje prijav, navigacije, statistike in ostale funkcije. Z brskanjem po strani se strinjate, da zabeležimo piškotke v vašem računalniku. Preberi več ...

Se strinjam
Data protection in the electronic communications sector

Data protection in the electronic communications sector

Information and Communication Technologies (ICTs), and in particular the Internet and electronic messaging services, call for specific requirements to ensure that users have a right to privacy. This Directive contains provisions that are crucial to ensuring that users can trust the services and technologies they use for communicating electronically. The main provisions apply to spam, ensuring the user’s prior consent ("opt-in"), and the installation of cookies.


Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) [See amending acts].


Directive 2002/58/EC forms part of the "Telecoms Package", a new legislative framework designed to regulate the electronic communications sector and amend the existing regulations governing the telecommunications sector. The "Telecoms Package" includes four other Directives on the general framework, access and interconnection, authorisation and licensing and the universal service. The “Telecoms Package” was amended in December 2009 by the two Directives “Better law-making” and “Citizens’ rights”, as well as by the establishment of a body of European regulators for electronic communications (BEREC).

This Directive principally concerns the processing of personal data relating to the delivery of communications services.

Processing security

The provider of an electronic communications service must protect the security of its services by:

  • ensuring personal data is accessed by authorised persons only;
  • protecting personal data from being destroyed, lost or accidentally altered;
  • ensuring the implementation of a security policy on the processing of personal data.

In the case of an infringement of personal data, the service provider must inform the person concerned, as well as the National Regulatory Authority (NRA).

Confidentiality of communications

The Directive reiterates the basic principle that Member States must, through national legislation, ensure the confidentiality of communications made over a public electronic communications network. They must in particular prohibit the listening into, tapping and storage of communications by persons other than users without the consent of the users concerned. The subscriber or user who stores their information must first be informed of the purposes of the processing of their data. They have the option to withdraw their consent on the processing of traffic data.

Data retention

The Directive determines that traffic data and location data must be erased or made anonymous when they are no longer required for the conveyance of a communication or for billing, except if the subscriber has given their consent for another use. On the sensitive issue of data retention, the Directive stipulates that Member States may withdraw the protection of data only to allow criminal investigations or to safeguard national security, defence and public security. Such action may be taken only where it constitutes a "necessary, appropriate and proportionate measure within a democratic society".

In order to ensure the availability of communication data for the purpose of investigation, detection and prosecution of criminal offences, the Directive lays down provisions for the retention of data.

Unsolicited communications ("spamming")

The Directive takes an "opt-in" approach to unsolicited commercial electronic communications, i.e. users must have given their prior consent before such communications are addressed to them. This opt-in system also covers SMS text messages and other electronic messages received on any fixed or mobile terminal. However, exceptions are provided.


The Directive states that users must give their consent for information to be stored on their terminal equipment, or that access to such information may be obtained. In order to do this, users must receive clear and comprehensive information about the purpose of the storage or access. These provisions protect the private life of users from malicious software, such as viruses or spyware, but also apply to cookies.

Cookies are hidden information exchanged between an Internet user and a web server, and are stored in a file on the user's hard disk. Their original purpose was to retain information between sessions. They are also a useful and much decried tool for monitoring a net surfer's activity.

The Directive encourages the use of methods, which are as user-friendly as possible, see effective technical tools.

Public directories

European citizens must give prior consent in order for their telephone numbers (landline or mobile), e-mail addresses and postal addresses to appear in public directories.


Member States must implement a system of penalties, including legal sanctions in the case of infringements to the provisions of this Directive, and ensure that the national competent authorities have at their disposal the necessary powers and resources to monitor and control compliance with the national provisions adopted during the transposition of this Directive.



Entry into force

Deadline for transposition in the Member States

Official Journal

Directive 2002/58/EC



OJ L 201 of 31.07.2002

Amending act(s)

Entry into force

Deadline for transposition in the Member States

Official Journal

Directive 2006/24/EC



OJ L 105 of 13.04.2006

Directive 2009/136/EC



OJ L 337 of 18.12.2009


Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [Official Journal L 281/31 of 23.11.95]. This Directive is the reference text, at European level, on the protection of personal data. It sets up a regulatory framework which seeks to strike a balance between a high level of protection for the privacy of individuals and the free movement of personal data within the EU.

Regulation 45/2001/EC of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data [Official Journal L 8 of 12.01.2001] This Regulation aims to protect personal data within EU institutions and bodies. The text provides for rules to ensure a high level of protection for personal data processed by the Community institutions and bodies and the creation of an independent supervisory body to monitor the application of these rules.

Last updated: 19.05.2010

Avgust 2015
27 28 29 30 31 1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31 1 2 3 4 5 6


Copyright © 2012 Osnovna šola Prule