The Amended EU Law on Eprivacy and Electronic Communications: New Rules on Data Protection, Spam, Data Breaches and Protection of Intellectual Property Rights

Papakonstantinou, Vagelis; De Hert, Paul

The Amended EU Law on Eprivacy and Electronic Communications: New Rules on Data Protection, Spam, Data Breaches and Protection of Intellectual Property Rights

The John Marshall Journal of Information Technology & Privacy Law, Volume 29, Issue 1, Journal of Computer & Information Law - Fall 2011

48 Pages Posted: 3 Aug 2021

See all articles by Vagelis Papakonstantinou

Vagelis Papakonstantinou

Faculty of Law and Criminology, Vrije Universiteit Brussel

Paul De Hert

Free University of Brussels (VUB)- LSTS; Tilburg University - Tilburg Institute for Law, Technology, and Society (TILT)

Date Written: 2011

Abstract

Telecommunications are privileged in being the only sector in European Union (“EU”) law benefiting from sector-specific data protection legislation. Although the (European) right to data protection is by now a fundamental right1 intended to find horizontal application into any and all fields that involve even the remotest personal data processing, certain sectors did go ahead and acquire regulations, of various legal statuses, specific to their needs and special conditions. Telecommunications (electronic communications) have benefited from sector-specific data protection legislation since 1997, when the first relevant set of regulations was released. Today, the Directive on Privacy and Electronic Communications (the “ePrivacy Directive”) 2 governs the field; its latest amendment, in 2009, brought forward the third in chronological (if not in generational) order relevant regulations.

Because all three versions of the ePrivacy Directive are close in chronological order and succeed one another following technological and regulatory trends, it is essential, before elaborating upon its amendment and effect on European data protection, to first briefly highlight those aspects of its predecessors that demonstrate the development of issues that remain relevant today and their respective regulatory approaches over time. In sections 1 – 6 we will therefore briefly present the EU data protection framework preceding the introduction of the 2009 ePrivacy Directive, as well as the general regulatory environment upon which its specialized provisions build. Special emphasis will be given to the originally intended regulatory model of implementing sector-specific regulations to complement the general provisions, a model, however, that appears to have been ultimately employed only in the telecommunications sector. In addition, attention shall be given to the general EU data protection framework currently in reform, and the effect such reform may have for the ePrivacy Directive. Sections 7 and 8 describe the preparatory phases and the background leading up to the introduction of the 2009 ePrivacy Directive. In sections 9-12 the focus is turned to those additions to the ePrivacy Directive that are considered of particular interest, at least from a data protection point of view. In this context, the cases of system integrity, spam, cookies and user consent, public directories, and personal data breach notifications are examined respectively. Finally, in section 13, special attention is given to the Three Strikes Law debate and to the Internet Freedom provision ultimately adopted in the text of the 2009 ePrivacy Directive.

Keywords: Data, Protection

Suggested Citation: Suggested Citation

Papakonstantinou, Vagelis and De Hert, Paul, The Amended EU Law on Eprivacy and Electronic Communications: New Rules on Data Protection, Spam, Data Breaches and Protection of Intellectual Property Rights (2011). The John Marshall Journal of Information Technology & Privacy Law, Volume 29, Issue 1, Journal of Computer & Information Law - Fall 2011, Available at SSRN: https://ssrn.com/abstract=3447092