Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)
July 2002
Summary
The Directive 2002/58/EC of the European Parliament and Council focuses on the processing of personal data and the protection of privacy in the electronic communications sector. It builds on the principles established in Directive 95/46/EC, ensuring that Member States protect the rights and privacy of individuals while allowing for the free flow of personal data within the EU.
The Directive addresses the need for confidentiality in communications, particularly with the rise of new digital technologies and the Internet, which introduce specific privacy risks. It mandates that service providers implement security measures to protect users’ personal data, inform them of potential risks, and ensure the confidentiality of communications, including both content and related data.
The Directive also covers the lawful interception of communications by Member States for security and law enforcement purposes, provided it is done proportionately and with appropriate safeguards. Additionally, it includes provisions for the use of devices like cookies, requiring clear user consent and providing the right to refuse such technologies. Overall, the Directive aims to harmonize regulations across the EU to protect privacy while supporting the development of electronic communications services.