Gruppe 29:Opinion 2/2000 concerning the general review of the telecommunications legal framework

The Working Party for the Processing of Personal Data[1] has taken notice of the Communication of the European Commission[2] concerning the general review of the existing telecommunications legal framework at European level.

In the context of the public consultation opened by the European Commission until the 15th of February 2000, the Working Party wishes to highlight the importance of the data protection issues raised in this context.

Furthermore, the Working Party wants to manifest its wish to be involved and to make a constructive input into the revision of the legal framework for telecommunications.

Within the framework of the envisaged general review of the telecommunications legal framework, the existent directive concerning the processing of personal data and the protection of privacy in the telecommunications sector[3] will also be revised and updated.

Article 14 paragraph 3 of this directive mandates the Working Party established by Directive 95/46/EC to carry out its tasks also with regard to the protection of fundamental rights and freedoms and of legitimate interests in the telecommunications sector which is subject of Directive 97/66EC.

Article 30 of the general data protection directive deals with the tasks of the Working Party. One of its tasks is to advise the European Commission on any proposed amendment of the directive or any additional or specific measures to safeguard the rights of freedoms of natural persons with regard to the processing of personal data and on any other proposed Community measures affecting such rights and freedoms.

In previous opinions of this group, the Working Party has already underlined the necessity of taking into account new technological developments⁴, which could present a challenge for the protection of personal data and the right to privacy.

In this sense, the Working Party welcomes an update of this directive in so far as this allows it to address in a more specific way the data protection issues in the telecommunication sector while maintaining or, where necessary, improving the existing level of protection.

It should however not be forgotten that the specific directive 97/66/EC only complements the general directive 95/46/EC by establishing specific legal and technical provisions.[4] When revising the specific directive, it will be necessary to take into account, respect and be coherent with the provisions of the general data protection directive 95/46/EC, that applies to any processing of personal data falling under its scope, irrespective of the technical means used.

The specific directive should obviously not only protect the fundamental rights of individuals but should as well take into account other legitimate interests, such as the ones of the confidentiality and integrity of public telecommunications.

The text of the Communication of the European Commission points out that the envisaged review will pay special attention to the terminology used by directive 97/66/EC in order to make clear that new services and technologies are covered by this directive, avoiding in this way possible ambiguities and facilitating a consistent application of the data protection principles.

As it is correctly stated in the Communication of the European Commission, the telecommunication legal framework should apply to Internet services in the same way as it applies to other forms of communication.

The Working Party has already addressed this issue in precedent opinions and has clearly stated that processing of personal data on the Internet has to respect data protection principles just as in the off-line world[5]. Personal data processing on the Internet therefore has to be considered in the light of both data protection directives.

The Working Party, and in particular the Internet Task Force created within this group, would like to offer its specific data protection expertise to the Commission for the Internet-related issues which should be dealt with in the framework of the general review of the telecommunications legislation.

Another interesting issue addressed in the Commission's communication is the growing impact of software and software-driven configurations of technology.

The Working Party has already dedicated some attention to this question in the past, in particular in its recommendation 1/99 on Invisible and Automatic Processing of Personal Data on the Internet Performed by Software and Hardware[6]. In this recommendation, the Working Party encouraged the software and hardware industry to work on Internet privacy-compliant products that provide the necessary tools to comply with the European data protection rules.

The Working Party thinks that the increasingly bigger role of software in the telecommunications field should be taken into account in the revision of this directive, especially when dealing with the responsibilities of all actors involved in the data processing operations.

The revision of the directive could also be a good opportunity to reconsider the different responsibilities that network operators and service providers should have in this field.

One of the objectives of the revision of legislative framework for telecommunications is to develop European legislation in a technology-neutral direction. The Working Party agrees with this objective. This intention should however not prevent the European legislator from producing a new legal framework that sufficiently addresses the specific issues raised by new technological developments in this field.

It would also like to stress that a new directive in this field should emphasise that all technologies, irrespective of the kind of technical means used, should be privacy-compliant and, where possible, privacy-protective.

In general terms, the Working Party welcomes an update of directive 97/66/EC in so far as this update allows the directive to address in a specific way the data protection issues in the telecommunication sector while maintaining or, where necessary, improving the existing level of protection. The Working Party attaches great importance to a high level of data protection in the telecommunications sector and, in particular, to guaranteeing the confidentiality and integrity of the communications.

While favouring an update and improvement of the telecommunications legal framework, the Working Party would like to underline the importance of a timely implementation of the current directive in the telecommunication sector at national level. The Group would therefore invite the Commission to make clear in its communications that the new legal framework will only be in place within a number of years and that, in the meantime, Member States should continue drafting their national legislation within the existing legal framework.

The Working Party would like to encourage the Commission in taking into account all recommendations, opinions and working documents drafted by this Working Party which refer to the issues addressed in its communication in the revision process.

This Opinion is in no way intended to be the final position of the Working Party on the issue. The Working Party wishes to contribute to the further discussion of this subject and to provide specific suggestions, if so wished, for the next steps of the revision procedure.

[1] Established by article 29 of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, JO L 281, 23 November 1995, p. 31. Available at: http://europa.eu.int/comm/dg15/en/media/dataprot/law/index.htm

⁴ Among others, in the Working Document Processing of Personal Data on the Internet, adopted on 23 February 1999, document 5013/99/EN/final Working Party 16. All documents adopted by the Working Party are available at: http://europa.eu.int/comm/dg15/en/media/dataprot/wpdocs/index.htm

[4] To all matters which are not specifically covered by Directive 97/66/EC, such as the obligations on the controller and the rights of individuals or non-publicly available telecommunications services, Directive 95/46/EC applies (see recital 11 of Directive 97/66/EC).

[5] See also Ministerial Declaration of the Bonn Conference on Global Networks, June 1997, available at : http://www2.echo.lu/bonn/conference.html.