Digital Agenda: Commission closes infringement case after UK correctly implements EU rules on privacy in electronic communications

27 Jan 2012 11:06 AM

The European Commission has closed an infringement case against the UK in recognition that UK national legislation has now been changed to properly implement EU rules on ePrivacy and data protection on the confidentiality of communications such as email or Internet browsing. The Commission believes UK law and institutions are now well-equipped to enforce the privacy rights of UK users.

The Commission opened this infringement procedure in April 2009 (IP/09/570), because UK Internet users were concerned about how the UK authorities had handled their complaints over the use of targeted behavioural advertising by several Internet service providers. These complaints were handled by the UK Information Commissioner’s Office (the UK personal data protection authority) and the UK law enforcement agencies responsible for investigating cases of unlawful interception of communications

Following the Commission’s decision in September 2010 to refer the case to the Court of Justice (IP/10/1215), the UK amended its national legislation so as not to allow interception of users' electronic communications without their explicit consent, and established an additional sanction and supervisory mechanism to deal with breaches of confidentiality in electronic communications.

In practical terms, the UK amended the Regulation of Investigatory Powers Act 2000 (RIPA) by removing references to implied consent and established a new sanction against unlawful interception which previously fell outside the scope of RIPA.

The new sanction is administered by the Interception of Communications Commissioner (ICC) who will hear complaints about unlawful interception and has published guidance with practical information on how it will exercise these new functions. The Commission expects that the ICC will closely co-operate in its work with the Information Commissioner’s Office and the law enforcement authorities.

Background

The Commission launched the legal action against the UK in April 2009 (IP/09/570) and subsequently confirmed its request to the UK authorities to amend their rules to comply with EU law in October 2009 (IP/09/1626). The Commission concluded that the UK law did not correctly implement EU rules on the confidentiality of electronic communications, which are laid down in the ePrivacy Directive 2002/58/EC and the Data Protection Directive 95/46/EC.

The EU Directive on privacy and electronic communications requires EU Member States to ensure confidentiality of the communications and related traffic data by prohibiting unlawful interception and surveillance unless the users concerned have consented to this (Article 5(1) of Directive 2002/58/EC). The EU Data Protection Directive specifies that user consent must be ‘freely given specific and informed’ (Article 2(h) of Directive 95/46/EC). Moreover, Article 24 of the Data Protection Directive requires Member States to establish appropriate sanctions in case of infringements and Article 28 says that independent authorities must be charged with supervising implementation.

An overview of telecoms infringement proceedings is available on the website

For more information on EU infringement procedures, see MEMO/12/42

Digital Agenda website

Contacts :

Ryan Heath (+32 2 296 17 16), Twitter: @ECspokesRyan

Linda Cain (+32 2 299 90 19)