Monday, November 18 2019
The draft of the new regulation
The 10 January 2017 is presented by the European Commission a "Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the respect of private life and the protection of personal data in electronic communications and which repeals the directive 2002 / 58 / CE (regulation on privacy and electronic communications) ". This addresses the need to harmonize the protection of personal data in electronic communications with the new prospects opened by the GDPR. In fact, it takes the latter's approach and organization, recalling it frequently throughout the text.
The following definitions should be emphasized:
I data of electronic communications (CE) are composed of:
- content of ce: that exchanged through the services of ce such as text, voice, video, images and sound
- metadata of the ce: the data associated with the content such as the source and the recipient of a communication, the location of the device, the date, time, duration and type of communication
The aims are initially fixed:
- protect the fundamental rights and freedoms of natural and legal persons and guarantee the free circulation of electronic communications data and electronic communication services in the Union
and the fields of application:
- the processing of electronic communications data carried out in relation to the supply and use of electronic communication services and information connected to the end users' terminal equipment
- the treatments carried out in Europe, directly or indirectly through the representative
- the treatments related to services accessible to the public
The HEAD II (articles 5 - 11) represents the heart of the treatment.
- The ce data is reserved and all interference with electronic communication data, such as listening, recording, storage, monitoring, scanning or other types of interception, monitoring or processing of electronic communications data by persons other than users is prohibited. finals.
- The processing of the contents of the data can be carried out exclusively with the consent of the interested parties
- The processing of CE metadata can be carried out by the supplier due to invoicing requirements or with the consent of the interested party
- The processing of CE data can be carried out exclusively for the performance of the communication service
- The deletion of the data and the metadata of the CE must take place when the service is performed - except for limited technical requirements. The metadata content required for invoicing follows the administrative procedure of the same invoicing.
- The same information stored in the terminal equipment of end users is protected
- Consent management is completely taken over by the 7 article of the GDPR
- Limitations of rights may occur due to the need to safeguard public interests
The CHAPTER III (art. 12 - 17) defines a series of obligations to be respected by the supplier and functionalities which, properly regulated, he must undertake to make available to the end user in free mode.
- identification of the calling and connected line
- block incoming calls
- management of public directories
- management of unsolicited communications
- information to end users on real or potential risks and possible remedies
In the following it is interesting to note that the draft regulation takes into consideration the violations, giving the guidelines so that the administrative sanctions can be applied with amounts divided into two bands (within 10M € or 20M €; 2% or 4% for companies) perfectly similar to the GDPR.
In conclusion, deadlines are presented (dates of entry into force and related consequences - such as the repeal of the ePrivacy directive and monitoring clauses) which, as anticipated, have not been respected and for which updates are expected.