PURPOSE: to reform Community rules in the telecommunications sector with a view to ensuring a high level of consumer protection and of users’ rights, in particular the right to personal privacy and data protection in the electronic communications field.

LEGISLATIVE ACT: Directive 2009/136/EC of the European Parliament and of the Council amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.

CONTENT: following an agreement reached with the European Parliament at second reading, the Council adopted a directive amending legislation in force on universal service e-Privacy and consumer protection.

The Directive adapts the regulatory framework by strengthening and improving consumer protection and user rights in the electronic communications sector, facilitating access to and use of e-communications for disabled users and enhancing the protection of individuals’ privacy and personal data.

This Directive constitutes part of the “Telecoms Package” which also includes the reform of the EU’s regulatory framework and the creation of Body of European Regulators for Electronic Communications (BEREC).

The main amendments introduced by the new Directive are as follows:

Disabled users : the Directive strengthens access to e-communications for disabled people, in particular via the inclusion of terminal equipment in the scope of the Directive. It aims to increase access to and choice of services for the disabled, strengthened right to emergency services in the EU.

Contract : the Directive improves contract conditions and greater information to consumers on services, including increased comparability of prices and greater power to the NRAs on tariff information for consumers.

Quality of service : in order to prevent the degradation of service and the hindering or slowing down of traffic over networks, Member States shall ensure that national regulatory authorities are able to set minimum quality of service requirements on an undertaking or undertakings providing public communications networks.

Emergency services and the single European emergency call number : the Directive stipulates that Member States shall ensure that all end-users of the service, including users of public pay telephones, are able to call the emergency services free of charge and without having to use any means of payment, by using the single European emergency call number “112” and any national emergency call number specified by Member States.

Harmonised numbers for harmonised services of social value : Member States shall ensure that disabled end-users are able to access services provided under the “116” numbering range to the greatest extent possible. Member States shall make every effort to ensure that citizens have access to a service operating a hotline to report cases of missing children. The hotline shall be available on the number “116000”. The Commission shall attribute the regulatory procedure with scrutiny in order to guarantee the efficient application of the “116” numbering range.

Facilitating change of provider : porting of numbers and their subsequent activation shall be carried out within the shortest possible time. The Directive provides that, in any case, subscribers who have concluded an agreement to port a number to a new undertaking shall have that number activated within one working day . In any event, loss of service during the process of porting shall not exceed one working day. Member States shall ensure that appropriate sanctions on undertakings are provided for, including an obligation to compensate subscribers in case of delay in porting or abuse of porting by them or on their behalf.

Member States shall ensure: (i) that contracts concluded between consumers and undertakings providing electronic communications services do not mandate an initial commitment period that exceeds 24 months; (ii) that undertakings offer users the possibility to subscribe to a contract with a maximum duration of 12 months.

Security of processing and protection of personal data : this Directive shall inter alia: (i) ensure that personal data can be accessed only by authorised personnel for legally authorised purposes; (ii) protect personal data stored or transmitted against accidental or unlawful destruction, accidental loss or alteration, and unauthorised or unlawful storage, processing, access or disclosure, and; (iii) ensure the implementation of a security policy with respect to the processing of personal data; (iv) oblige providers of electronic communications services to notify security breaches affecting personal data to authorities and (in some cases) to subscribers or individuals concerned and introduction of comitology powers for the Commission on the modalities of breach notifications; (v) strengthen provisions on protection against spyware and placing of cookies on users' devices.

ENTRY INTO FORCE: 19/12/2009.

TRANSPOSITION: 25/05/2011.

At its Plenary Session of 6 May 2009, the European Parliament adopted a number of amendments negotiated with the Council to the Council's common position with a view to securing adoption in second reading. The Commission accepts the European Parliament's amendments to the common position as being in line with the overall purpose and the general characteristics of the proposal.

These amendments concern essentially:

adaptation of universal service to market and technological developments, including allowing Member States to upgrade universal service obligations to broadband services; strengthened access to e-communications for disabled people, in particular via the inclusion of terminal equipment in the scope of the Directive; increased access to and choice of services for the disabled, strengthened right to emergency services in the EU; improved contract conditions and greater information to consumers on services, including increased comparability of prices and greater power to the NRAs on tariff information for consumers; information to users on the most common uses of e-communications services to engage in unlawful activities or to disseminate harmful content; strengthened provisions on access to emergency services , including inter alia a stronger obligation to pass caller location information to the emergency authorities, improved citizens awareness of ‘112' number; and introduction of comitology powers for the Commission on access to '112' services; facilitating citizens' access to 116 services, and comitology powers for the Commission to ensure the effective implementation of 116 numbering ranges; facilitation of change of provider, including a time limit for number activation after porting; reinforcement of NRAs' powers to monitor and enforce porting; creation of comitology powers for the modernisation of porting obligations; strengthened obligation for Member States to review 'must carry' obligations; modernisation and updating of legislation to technology and market developments, streamlining of the provisions of the Directive (eg deletion of outdated obligations, etc.); measures to be taken by providers in order to safeguard the security of their services; obligation for providers of electronic communications services to notify security breaches affecting personal data to authorities and (in some cases) to subscribers or individuals concerned and introduction of comitology powers for the Commission on the modalities of breach notifications; strengthened provisions on protection against spyware and placing of cookies on users' devices.

The European Parliament approved with amendments, under the second reading of the codecision procedure, the Council’s common position with a view to the adoption of a directive of the European Parliament and of the Council amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.

The amendments adopted in plenary are the result of a compromise negotiated with the Council.

Note that this proposal is part of the “telecom package” which includes the revision of the electronic communications regulatory framework and the establishment of a new European body of telecom regulators (BEREC). Given that MEPs could not reach a compromise with the Council on the framework directive and that all three proposals are interlinked, it is likely that the whole package will go to conciliation in the next legislature.

With regard to the common position on the revision of the electronic communications framework and specific directives, the main amendments are as follows:

Subject-matter and scope : the compromise clarifies that the directive neither mandates nor prohibits conditions, imposed by providers of publicly available electronic communications and services, limiting users’ access to and/or use of services and applications, where allowed under national law and in conformity with Community law, but does provide for information regarding such conditions.

National measures regarding end-users’ access to or use of services and applications through electronic communications networks shall respect the fundamental rights and freedoms of natural persons, including in relation to privacy and due process, as defined in the European Convention for the Protection of Human Rights and Fundamental Freedoms.

Public pay telephones and other public voice telephony access points : in order to ensure technological neutrality and continued access by the public to voice telephony, national regulatory authorities should be able to impose obligations on undertakings in order to ensure that public pay telephones or other public voice telephony access points are provided to meet the reasonable needs of end-users in terms of the geographical coverage, the number of telephones or other access points, accessibility to disabled users and the quality of services.

Disabled end-users : the Parliament and Council agree that equivalence in disabled end-users’ access to services should be guaranteed to the level available to other end-users. To this end, access should be functionally equivalent such that disabled end-users benefit from the same usability of services as other end-users, but by different means.

Contracts : the Parliament considers it necessary to increase the level of detail of information to be provided in contracts. Therefore, the contract shall specify in a clear, comprehensive and easily accessible form a number of elements, including:

whether or not access to emergency services and caller location information is being provided, and/or any limitations on the provision of emergency services; information on any other conditions limiting access to and/or use of services and applications; information on any procedures put in place by the undertaking to measure and shape traffic so as to avoid filling or overfilling a network link and on how those procedures could impact on service quality; the duration of the contract and the conditions for renewal and termination of services and of the contract, including any minimum usage or duration required to benefit from promotional terms.

Quality of service : in order to prevent the degradation of service and the hindering or slowing down of traffic over networks, Member States shall ensure that national regulatory authorities are able to set minimum quality of service requirements on an undertaking or undertakings providing public communications networks.

The compromise adds that national regulatory authorities shall provide the Commission, in good time before setting any such requirements, with a summary of the grounds for action, the envisaged requirements and the proposed course of action. The Commission may, having examined such information, make comments or recommendations thereupon, in particular to ensure that the requirements do not adversely affect the functioning of the internal market. National regulatory authorities shall take the utmost account of the Commission's comments or recommendations when deciding on the requirements.

Emergency services and the single European emergency call number : the text provides that Member States, in consultation with national regulatory authorities, emergency services and providers, shall ensure that undertakings providing end-users with an electronic communications service for originating national calls to a number or numbers in a national telephone numbering plan provide access to emergency services.

In order to ensure the effective access to “112” services in the Member States, the Commission, having consulted BEREC, may adopt technical implementing measures. However, these technical implementing measures shall be adopted without prejudice to, and shall have no impact on, the organisation of emergency services, which remains of the exclusive competence of Member States.

European telephone access codes : a legal entity, established within the Community and designated by the Commission, shall have sole responsibility for the management, including number assignment, and promotion of the European Telephony Numbering Space (ETNS). The Commission shall adopt the necessary implementing rules.

Harmonised numbers for harmonised services of social value : Member States shall ensure that disabled end-users are able to access services provided under the “116” numbering range to the greatest extent possible. They shall also make every effort to ensure that citizens have access to a service operating a hotline to report cases of missing children. The hotline shall be available on the number 116000.

In order to ensure the effective implementation of the “116” numbering range, in particular the missing children hotline number 116000 , in the Member States, including access for disabled end-users when travelling in other Member States, the Commission, having consulted BEREC, may adopt technical implementing measures, in accordance with the regulatory procedure with scrutiny. However, these technical implementing measures shall be adopted without prejudice to, and shall have no impact on, the organisation of these services, which remains of the exclusive competence of Member States.

International code “3883” : a new recital stresses that development of the international code “3883” (the European Telephony Numbering Space (ETNS)) is currently hindered by insufficient awareness and overly bureaucratic procedural requirements. In order to foster the development of ETNS, the countries to which the International Telecommunications Union has assigned the international code “3883” should delegate responsibility for its management, number assignment and promotion to an existing separate organisation, designated by the Commission on the basis of an open, transparent and non-discriminatory selection procedure.

That organisation should also be tasked with developing proposals for public service applications using ETNS for common European services, such as a common number for reporting thefts of mobile terminals .

Facilitating change of provider : porting of numbers and their subsequent activation shall be carried out within the shortest possible time. In any case, the compromise provides that subscribers who have concluded an agreement to port a number to a new undertaking shall have that number activated within one working day . Loss of service during the process of porting shall not exceed one working day.

Competent national authorities shall also take into account, where necessary, measures ensuring that subscribers are protected throughout the switching process and are not switched against their will . Appropriate sanctions on undertakings shall be provided for, including an obligation to compensate subscribers in case of delay in porting or abuse of porting by them or on their behalf.

Lastly, Member States shall ensure that: (i) contracts concluded between consumers and undertakings providing electronic communications services do not mandate an initial commitment period that exceeds 24 months; (ii) undertakings offer users the possibility to subscribe to a contract with a maximum duration of 12 months .

Out-of-court settlement of disputes : Member States shall ensure that transparent, non-discriminatory, simple and inexpensive out-of-court procedures are available for dealing with unresolved disputes between consumers and undertakings providing electronic communications networks and/or services. Such procedures shall enable disputes to be settled impartially and shall not deprive the consumer of the legal protection afforded by national law.

Security of processing and protection of personal data : the text stipulates that the provisions of this directive particularise and complement Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Moreover, they provide for protection of the legitimate interests of subscribers who are legal persons.

Without prejudice to Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, the measures taken in this area shall at least:

ensure that personal data can be accessed only by authorised personnel for legally authorised purposes; protect personal data stored or transmitted against accidental or unlawful destruction, accidental loss or alteration, and unauthorised or unlawful storage, processing, access or disclosure; ensure the implementation of a security policy with respect to the processing of personal data.

When the personal data breach is likely to adversely affect the personal data and privacy of a subscriber or an individual, the provider shall also notify the subscriber or individual of the breach without undue delay . If the provider has not already notified the subscriber or individual of the personal data breach, the competent national authority, having considered the likely adverse effects of the breach, may require it to do so.

Notification of a personal data breach to a subscriber or individual concerned shall not be required if the provider has demonstrated to the satisfaction of the competent authority that it has implemented appropriate technological protection measures, and those measures were applied to the data concerned by the security breach.

Providers shall maintain an inventory of personal data breaches, comprising the facts surrounding such breaches, their effects and the remedial action taken.

Safeguards provided for subscribers against intrusion of their privacy by unsolicited communications for direct marketing purposes by means of electronic mail are also applicable to SMS, MMS and other kinds of similar applications.

The Committee on the Internal Market and Consumer Protection adopted the recommendation for second reading by Malcolm HARBOUR (EPP-ED, UK) modifying, under the second reading of the codecision procedure, the Council’s common position for adopting a directive of the European Parliament and of the Council amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.

The main amendments are as follows:

Public pay telephones and other public voice telephony access points : in order to ensure technological neutrality and continued access by the public to voice telephony, national regulatory authorities should be able to impose obligations on undertakings in order to ensure that public pay telephones or other public voice telephony access points are provided to meet the reasonable needs of end-users in terms of the geographical coverage, the number of telephones or other access points, accessibility to disabled users and the quality of services.

Disabled end-users : Equivalence in disabled end-users' access to services should be guaranteed to the level available to other end-users. To this end, access should be functionally equivalent such that disabled end-users benefit from the same usability of services as other end-users, but by different means.

Contracts : MEPs consider it necessary to increase the level of detail of information to be provided in contracts. Therefore, the contract shall specify in a clear, comprehensive and easily accessible form a number of elements, including: (i) whether or not access to emergency services and caller location information is being provided, and/or any limitations on the provision of emergency services; (ii) information on any other conditions limiting access to and/or use of services and applications, where such conditions are allowed under national law in accordance with Community law; (iii) any minimum usage required to benefit from promotional terms; (iv) information on any procedures put in place by the undertaking to measure and shape traffic so as to avoid filling or overfilling a network link and on how those procedures could impact on service quality; (v) any compensation arrangements which apply if security or integrity incidents occur.

Emergency services : Member States, in cooperation with national regulatory authorities, emergency services and providers, shall ensure that undertakings providing an electronic communications service for originating national and/or international calls through a number or numbers in a national or international telephone numbering plan provide reliable access to emergency services.

In order to ensure the effective implementation of “112” services in the Member States, the Commission, having consulted BERT, may adopt technical implementing measures. In order to respond to technological developments, the Commission should be empowered to adopt technical implementing measures in order to ensure the effective implementation of “112” in the Community for the benefit of citizens of the Union.

Harmonised numbers for harmonised services of social value : in order to ensure the effective implementation of the '116' numbering range, in particular the missing children hotline number 116000, in the Member States, including access for disabled end-users when travelling in other Member States, the Commission, having consulted BERT, may adopt technical implementing measures, in accordance with the regulatory procedure with scrutiny.

European Telephony Numbering Space : a legal entity, established within the Community and designated by the Commission, shall have sole responsibility for the management, including number assignment, and promotion of the European Telephony Numbering Space. The Commission shall adopt the necessary implementing rules.

Access to numbers and services : the competent national authorities shall take all necessary measures to ensure that end-users may also access and use services through text telephones, video telephones and products which help elderly people or people with disabilities to communicate, at least as regards emergency calls. In order to ensure that end users have effective access to numbers and services in the Community, the Commission may adopt technical implementing measures, in accordance with the regulatory procedure with scrutiny.

Number portability : subscribers who have concluded an agreement to port a number to a new undertaking shall have that number activated within one working day . National regulatory authorities shall be able to impose appropriate sanctions on undertakings, including an obligation to compensate subscribers in the case of delay in porting or abuse of porting by them or on their behalf. Member States shall also ensure that undertakings offer users the possibility to subscribe to a contract with a maximum duration of 12 months.

Access to content, services and applications : Member States shall ensure that any restrictions on the rights of users to access content, services and applications, if such restrictions are necessary, are implemented by appropriate measures, in accordance with the principles of proportionality, effectiveness and dissuasiveness. Those measures shall not have the effect of hindering the development of the information society, in particular electronic commerce, in the Internal Market, and shall not conflict with the fundamental rights of citizens, including the right to privacy and the right to due process.

Single information points : Member States should introduce single information points for all user queries. These information points, which could be administered by national regulatory authorities together with consumer associations, should also be able to provide legal assistance in case of disputes with operators. Access to these information points should be free of charge and users should be informed of their existence by regular information campaigns.

Out-of-court procedures : Member States shall ensure that transparent, non-discriminatory, simple and inexpensive out-of-court procedures are available for dealing with unresolved disputes between consumers and undertakings providing electronic communications networks and/or services. Such procedures shall enable disputes to be settled impartially and shall not deprive the consumer of the legal protection afforded by national law. Member States may extend these obligations to cover disputes involving other end-users.

Member States shall ensure that the bodies in charge of such procedures, which can be single points of contact, provide relevant information for statistical purposes to the Commission and the competent national authorities. With specific regard to the interaction of audiovisual and electronic communications, Member States shall encourage reliable out-of-court procedures.

Security of services and protection of personal data : the provider of a publicly available electronic communications service or an information society service should take appropriate technical and organisational measures to ensure the security of its services.

Without prejudice to Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, the measures taken in this area shall at least: (i) ensure that personal data can be accessed only by authorised personnel for legally authorised purposes; (ii) protect personal data stored or transmitted against accidental or unlawful destruction, accidental loss or alteration, and unauthorised or unlawful storage, processing, access or disclosure; (iii) implement a security policy with respect to the processing of personal data.

When the personal data breach is likely to adversely affect the personal data and privacy of a subscriber or an individual, the provider shall notify the subscriber or individual of the breach without undue delay. If the provider has not already notified the subscriber or individual of a personal data breach, the competent national authority, having considered the likely adverse effects of the breach, may require it to do so.

Providers shall maintain an inventory of personal data breaches, comprising the facts surrounding the breach, its effects and the remedial action taken.

Review : the Commission shall, having consulted the Working Party on the Protection of Individuals with regard to the Processing of Personal Data and the European Data Protection Supervisor, submit to the European Parliament and the Council, not later than three years from the date of transposition, a report on the application of this Directive and its impact on economic operators and consumers, in particular as regards the provisions on unsolicited communications and breach notifications, taking into account the international environment. Where appropriate, the Commission shall submit proposals to amend this Directive.

The Commission notes that the Council’s position departs substantially from those of the Commission and the European Parliament, notably as regards the internal market mechanisms, in particular for ensuring consistent regulatory remedies, the additional remedy of functional separation, spectrum policy, and the establishment of a regulatory body. As regards the regulatory body, the Commission has particular concerns that the Council’s position raises institutional questions that constitute a substantial barrier to a satisfactory settlement.

The Commission also notes that the Council’s position diverges from those of the Commission and European Parliament on a number of supplementary issues falling under both proposals for directives to amend the regulatory framework. Nonetheless, the Commission considers that the divergences relating to the proposed Citizens’ Rights Directive are not of the same magnitude as those relating to the proposed Better Regulation Directive and the proposed Regulation setting up a regulatory body.

Subject to its statement attached to the minutes of the Council of 27 November 2008, the Commission affirms its belief that its amended proposals can contribute to a balanced agreement between the institutions that represents an advance for citizens and businesses in the European single market. Accordingly, the Commission stands ready to facilitate an agreement between the co-legislators.

The Common Position incorporates all, part or the thrust of a large number of amendments adopted at first reading by the European Parliament (87 of a total of 155).

The Council, like the European Parliament, has opted for an approach emphasising the importance of facilitating access for disabled end-users. It also agrees with the European Parliament regarding a specific article on harmonised numbers for harmonised services of social value, even if the level of detail decided on by the Council is not totally in line with the Parliament's view.

One overall difference compared with the Commission proposal concerns the question of committee procedure and references to the authority. Another overall difference, this time compared with the European Parliament's position, concerns references to the content. In both cases, the number of such references has been reduced to a minimum. Moreover, the Council has added or modified a number of provisions in order to clarify the text's objectives and their implementation.

The Council's Common Position is largely in line with that of the European Parliament. The most important points on which the Council has opted for an approach differing from that of the European Parliament or the Commission are indicated hereafter:

Contracts : the Council endorsed the general approach of the Commission proposals but, in agreement here with the European Parliament, thought it necessary to increase the level of detail in the information to be provided in contracts, particularly as regards service-quality indicators, customer services and conditions governing the minimum duration of contracts in the case of promotions.

Quality of service : the chief question examined by the Council was that of the level and nature of Commission intervention. The approach adopted is to leave it up to the NRAs to determine the minimum quality requirements for service involving undertakings which provide public communication networks.

Notification of breaches of security : the Council opted for an approach enabling the provider of an electronic communication service accessible to the public to assess the seriousness of the breach and the need to notify the NRA and/or the subscriber concerned, contrary to the European Parliament which would not like to leave such assessment entirely up to the discretion of the provider and would prefer to make notification to the NRA compulsory in all cases together with publication of the breaches committed. To ensure an appropriate level of harmonisation, the Council is making it compulsory for Member States to see that the NRAs are able to issue detailed rules concerning the circumstances, format and procedures applicable to the information and notification requirements relating to breaches of personal data.

The Common Position incorporates all, part or the thrust of a large number of amendments adopted at first reading by the European Parliament (87 of a total of 155).

The Council, like the European Parliament, has opted for an approach emphasising the importance of facilitating access for disabled end-users. It also agrees with the European Parliament regarding a specific article on harmonised numbers for harmonised services of social value, even if the level of detail decided on by the Council is not totally in line with the Parliament's view.

One overall difference compared with the Commission proposal concerns the question of committee procedure and references to the authority. Another overall difference, this time compared with the European Parliament's position, concerns references to the content. In both cases, the number of such references has been reduced to a minimum. Moreover, the Council has added or modified a number of provisions in order to clarify the text's objectives and their implementation.

The Council's Common Position is largely in line with that of the European Parliament. The most important points on which the Council has opted for an approach differing from that of the European Parliament or the Commission are indicated hereafter:

Contracts : the Council endorsed the general approach of the Commission proposals but, in agreement here with the European Parliament, thought it necessary to increase the level of detail in the information to be provided in contracts, particularly as regards service-quality indicators, customer services and conditions governing the minimum duration of contracts in the case of promotions.

Quality of service : the chief question examined by the Council was that of the level and nature of Commission intervention. The approach adopted is to leave it up to the NRAs to determine the minimum quality requirements for service involving undertakings which provide public communication networks.

Notification of breaches of security : the Council opted for an approach enabling the provider of an electronic communication service accessible to the public to assess the seriousness of the breach and the need to notify the NRA and/or the subscriber concerned, contrary to the European Parliament which would not like to leave such assessment entirely up to the discretion of the provider and would prefer to make notification to the NRA compulsory in all cases together with publication of the breaches committed. To ensure an appropriate level of harmonisation, the Council is making it compulsory for Member States to see that the NRAs are able to issue detailed rules concerning the circumstances, format and procedures applicable to the information and notification requirements relating to breaches of personal data.

SECOND OPINION OF THE EUROPEAN DATA PROTECTION SUPERVISOR on the review of Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) .

On 10 April 2008, the EDPS adopted an Opinion on the Commission's Proposal amending, among others, the Directive on privacy and electronic communications (ePrivacy Directive). In September 2008, the European Parliament adopted a legislative resolution on the ePrivacy Directive (first reading). The EDPS viewed positively several of the EP amendments that were adopted. In November 2008, the Council reached a political agreement on a review of rules on the telecoms package, including the ePrivacy Directive. However, the EDPS is concerned about the Council’s Common Position as it does not incorporate some of the positive amendments proposed by Parliament or the opinions of the EDPS. Therefore, the EDPS now issues a Second Opinion, hoping that new amendments will be adopted that will restore the data protection safeguards.

The main conclusions of this Second Opinion are as follows:

Security breach : the Parliament and Council must come up with a solid legal framework for security breach. To this end, they should:

maintain the definition of security breach in the EP, Council and Commission texts; include providers of information society services with respect to the scope of the entities to be covered by the proposed notification requirement; regarding the trigger for the notification of security breaches (‘reasonably likely to harm’), to ensure that ‘harm’ is sufficiently wide to cover all relevant instances of negative effects on the privacy or other legitimate interests of individuals; set up a system where it is up to concerned entities to make the assessment as to whether they must notify individuals of security breaches; implement the following safeguards regarding notification: (i) ensure that covered entities are obliged to notify authorities of all breaches that meet the requisite standard; (ii) provide authorities with an oversight role that enables them to be selective in order to be effective; (iii) adopt a new provision requiring entities to maintain a detailed and comprehensive internal audit trail; provide the Commission with the ability to adopt technical implementing measures; with regard to the individuals to be notified, use the Commission or EP’s terminology ‘individuals concerned’ or ‘affected users’.

Publicly Accessible Private Networks : the EP and Council should:

keep the essence of Amendment 121 (broadening the scope of application of the Directive to include public and private communications networks, as well as publicly accessible private networks), but rephrase it to ensure that purely privately operated networks (as opposed to publicly accessible private networks) would not be explicitly covered; amend all the operational provisions to explicitly refer to publicly accessible private networks in addition to public networks; include an amendment defining a ‘publicly accessible private network’; adopt a new recital per which the Commission would carry out a public consultation on the application of the ePrivacy Directive to all private networks, with the input of the EDPS and other stakeholders.

Processing of Traffic Data for Security Purposes : the EP and the Council should:

reject entirely Article 6.6(a), authorising the processing of traffic data for security purposes, because it is unnecessary and, if abused, could unduly threaten the data protection and privacy of individuals; if some variation of the current version of Article 6.6(a) is to be adopted, incorporate the data protection safeguards discussed in this Opinion.

Actions for Infringements of the ePrivacy Directive : the EP and Council should:

endorse the provision affording the possibility to legal entities, such as consumer and trade associations, the right to bring legal action against infringements of any provisions of the Directive (not only for infringement of the spam provisions as is the current approach in the Common Position).

The amended proposal adapts the original proposal on a number of points as suggested by the European Parliament.

It is recalled that this legislative proposal covers changes to the Universal Service Directive and the Directive on privacy and electronic communications. The aim is to adapt the regulatory framework for electronic communications by strengthening certain consumer and user rights and by ensuring that electronic communications are trustworthy, secure and reliable and provide a high level of protection for individuals’ privacy and personal data.

More specifically, the objectives of the present proposals are two-fold:

strengthening and improving consumer protection and user rights in the electronic communications sector, by — among other aspects — giving consumers more information about prices and supply conditions, and facilitating access to and use of e-communications, including emergency services, for disabled end-users; enhancing the protection of individuals’ privacy and personal data in the electronic communications sector, in particular through strengthened security-related provisions and improved enforcement mechanisms.

The European Parliament adopted 155 amendments at 1 st reading on 24 September 2008. In its amended proposal, the Commission accepts 58 amendments in their entirety. It accepts 50 in part or subject to rewording.

It should be noted that it was not able to accept 56 amendments.

The amended proposal adapts the original proposal on a number of points as suggested by the European Parliament.

It is recalled that this legislative proposal covers changes to the Universal Service Directive and the Directive on privacy and electronic communications. The aim is to adapt the regulatory framework for electronic communications by strengthening certain consumer and user rights and by ensuring that electronic communications are trustworthy, secure and reliable and provide a high level of protection for individuals’ privacy and personal data.

More specifically, the objectives of the present proposals are two-fold:

strengthening and improving consumer protection and user rights in the electronic communications sector, by — among other aspects — giving consumers more information about prices and supply conditions, and facilitating access to and use of e-communications, including emergency services, for disabled end-users; enhancing the protection of individuals’ privacy and personal data in the electronic communications sector, in particular through strengthened security-related provisions and improved enforcement mechanisms.

The European Parliament adopted 155 amendments at 1 st reading on 24 September 2008. In its amended proposal, the Commission accepts 58 amendments in their entirety. It accepts 50 in part or subject to rewording.

It should be noted that it was not able to accept 56 amendments.

The European Parliament adopted by 548 votes to 88, with 14 abstentions, a legislative resolution approving, with amendments, the proposal for a directive of the European Parliament and of the Council amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on consumer protection cooperation.

The report had been tabled for consideration in plenary by Malcolm HARBOUR (EPP-ED, UK) on behalf of the Committee on the Internal Market and Consumer Protection.

The main amendments – adopted at 1 st reading of the co-decision procedure – are as follows:

Pre-contractual information : operators should provide users with transparent, comparable, appropriate and up to date information on prices and tariffs, charges for terminating a contract and general terms and conditions. MEPs clarified the pre-contractual information requirements and broadened the information and transparency provisions. Therefore, the contract shall specify in a clear, comprehensive and easily accessible form at least:

where access to emergency services and caller location information is to be provided, the level of reliability of such access, where relevant, and whether access is provided in the whole of the national territory; information on any restrictions imposed by the provider regarding a subscriber's ability to access, use or distribute lawful content or run lawful applications and services; the service quality levels; types of maintenance and customer support services offered, as well as how to contact customer support; the time for the initial connection and any restrictions on the use of terminal equipment imposed by the provider; the subscriber's decision as to whether to include his or her personal data in a directory and the data concerned; any charges related to portability of numbers and other identifiers and any charges due on termination of the contract; any compensation arrangements which apply if security or integrity incidents occur.

Protection of personal data : the Parliament proposes including the right to privacy and the right to confidentiality and security of information technology systems. Therefore, customers should be informed of their rights with respect to the use of their personal information in directories of subscribers, and in particular of the purposes of such directories, as well as their right, free of charge, not to be included in a public subscriber directory.

Breach of security : the NRAs should be able to compel providers to include in the contract public interest warnings, in a standardised form, regarding copyright infringement, other unlawful uses and dissemination of harmful content, and advice and means of protection against risks to personal security, which may for example arise from disclosure of personal information in certain circumstances, privacy and personal data. Furthermore, MEPs call for the establishment of a mechanism for the purpose of enabling appropriate cooperation on issues relating to the promotion of lawful content.

Security of networks : the customer contract should specify the type of action, if any, the provider might take in case of security or integrity incidents, threats or vulnerabilities, as well as any arrangements implemented by the provider to provide compensation if such events occur. Providers shall annually notify affected users of all breaches of security that have led to the accidental or unlawful destruction, loss or alteration or the unauthorised disclosure of or access to personal data. The perpetrator may be the subject of criminal proceedings determined by the Member States. An amendment specifies the conditions under which a breach shall be considered as a serious breach and shall therefore justify the notification of the subscriber.

Disabled users : the notion of a publicly accessible telephone service is more clearly defined and expressly includes services specifically tailored to the needs of disabled users. Particular attention should be given to terminal equipment for users with special needs, including the disabled and the elderly. Disabled end-users should have access to electronic communication services equivalent to that enjoyed by the majority of end-users. They should also receive regular information on the products or services aimed at them.

Emergency numbers : MEPs call on the Commission to support the initiatives of the Member States to increase awareness of the emergency number "112" and to periodically evaluate knowledge of"112" by the public. The emergency services should be able to appropriately respond to and handle all calls to the single European emergency call number "112". Furthermore, MEPs call for the establishment of a missing children hotline number, available on the number "116000". Noting that the development of the international code “3883” (the European Telephony Numbering Space (ETNS)) is currently hindered by lack of demand, MEPs call on the Commission to delegate responsibility for its management, number assignment and promotion to a separate organisation, following the example of the implementation of the ".eu" top level domain.

Porting of numbers : porting of numbers and their subsequent activation should be executed within the shortest possible delay, no later than one working day from the initial request by the subscriber. Member States ask that national regulatory authorities should be able to extend the one day period, where necessary, to ensure that subscribers are not switched against their will. They also call for the possibility to impose sanctions on providers in the event of a delay in porting or abuse of porting. Furthermore, MEPs call for a standardisation of the maximum duration of contracts for subscriptions: it should not exceed 24 months, with the possibility for users to subscribe to a contract with a maximum duration of 12 months.

Quality of service : in certain instances, where there is a lack of effective competition, national regulatory authorities should use the remedies available to them under the Directives establishing the regulatory framework for electronic communications networks and services to ensure that users" access to particular types of content or applications is not unreasonably restricted. A national regulatory authority may issue guidelines setting minimum quality of service requirements, and, if appropriate, take other measures, in order to prevent degradation of service and slowing of traffic over networks, and to ensure that the ability of users to access or distribute content or to run applications and services of their choice is not unreasonably restricted.

Universal service : lastly, the Parliament calls on the European Commission to present, no later than autumn 2008, a review of the scope of the universal service obligation and proposals for reform aimed at explicitly including mobile telephony and broadband internet connection in the scope of Directive 2002/22/EC.

The Committee on the Internal Market and Consumer Protection adopted the report drafted by Malcolm HARBOUR (PPE-DE, UK), at 1st reading of the codecision procedure, the proposal for a directive of the European Parliament and of the Council amending Directive 2002/22/EC on universal service and users ’ rights relating to electronic communications networks, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on consumer protection cooperation.

Parliament's political groups had already reached a compromise on certain issues, such as access to the single European emergency number 112, access to electronic communications as a universal service, the number portability, the transparency of tariffs and prices charged and the network neutrality principle.

Contractual information : Member States shall ensure that, where subscribing to services providing connection to a public communications network and/or electronic communications services, consumers and other end-users so requesting have a right to a contract with an undertaking or undertakings providing such services and/or connection. The contract shall specify in a clear, comprehensive and easily accessible form at least: services provided, including in particular:

where access to emergency services and caller location information is to be provided, the level of reliability of such access, where relevant, and whether access is provided in the whole of the national territory; information on any restrictions imposed by the provider regarding a subscriber's ability to access, use or distribute lawful content or run lawful applications and services; the service quality levels; types of maintenance and customer support services offered, as well as how to contact customer support; the time for the initial connection; any restrictions on the use of terminal equipment imposed by the provider; the subscriber's decision as to whether to include his or her personal data in a directory and the data concerned; p ayment charges may be obtained; methods offered and any differences in costs due to payment method ; the duration of the contract and the conditions for renewal and termination of services and of the contract; any charges related to portability of numbers and other identifiers; any charges due on termination of the contract, including any cost recovery with respect to terminal equipment; a ny compensation arrangements which apply if security or integrity incidents occur .

Protection of personal data : in order to address public interest issues with respect to the use of communications services, and to encourage protection of the rights and freedoms of others, the relevant national authorities should be able to produce and have disseminated, with the aid of providers, information related to the use of communications services. This information should include warnings regarding copyright infringement, other unlawful uses and dissemination of harmful content, and advice and means of protection against risks to personal security, which may for example arise from disclosure of personal information in certain circumstances, privacy and personal data. Customers should be informed of their rights with respect to the use of their personal information in directories of subscribers.

Member States shall ensure that national regulatory authorities are able to require operators to make available free of charge to their subscribers reliable and easy-to-use protection and/or filtering software to control access by children or vulnerable people to unlawful or dangerous content.

Breach of security : the competent authority should consider and determine the seriousness of the breach. If the breach is deemed to be serious the competent authority should require the provider of publicly available electronic communications service and the provider of information society services to give an appropriate notification without undue delay to the persons affected by the breach. The seriousness of a breach requiring notification to subscribers shall be determined according to the circumstances of the breach, such as the risk to the personal data affected by the breach, the type of data affected by the breach, the number of subscribers involved, and the immediate or potential impact of the breach on the provision of services. Providers shall annually notify affected users of all breaches of security that have led to the accidental or unlawful destruction, loss or alteration or the unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed in connection with the provision of publicly available communications services in the Community.

Disabled users : particular attention should be given to terminal equipment for users with special needs, including the disabled and the elderly. The notion of a publicly accessible telephone service is more clearly defined and expressly includes services specifically tailored to the needs of disabled users. Member States shall ensure that national regulatory authorities are able to impose appropriate requirements on undertakings providing publicly available electronic communications services so as to ensure that disabled end-users: a) have access to electronic communication services equivalent to that enjoyed by the majority of end-users; and b) can take advantage of the choice of undertakings and services available to the majority of end-users.

Quality of services : where there is a lack of effective competition, national regulatory authorities should use the remedies available to them under the Directives establishing the regulatory framework for electronic communications networks and services to ensure that users’ access to particular types of content or applications is not unreasonably restricted. It should also be possible for national regulatory authorities to issue guidelines setting minimum quality of service requirements and to take other measures where such other remedies have, in their judgement, not been effective with regard to the interests of users and all other relevant circumstances. Such guidelines or measures could include the provision of a basic tier of unrestricted services.

Emergency number : since 2002, it has been possible to call the 112 emergency number throughout the EU. MEPs feel that this number should be accessible irrespective of the type of electronic communication used. The emergency services should also have easy access to information needed to locate the caller. The Commission should continue both to support and to supplement initiatives of the Member States to further awareness of "112" and periodically to evaluate knowledge of "112" by the public.

MEPs also provide for a missing children hotline number. Member States shall ensure citizens' access to a hotline to report missing children. The hotline shall be available on the number "116000".

Numbering space “3883” : the development of the international code “3883” ( the European Telephony Numbering Space (ETNS) ) is currently hindered by lack of demand, overly bureaucratic procedural requirements and insufficient awareness . In order to foster the development of ETNS, the Commission should delegate responsibility for its management, number assignment and promotion either to a separate organisation following the example of the implementation of the ".eu" top level domain.

Portability of numbers : p orting of numbers and their subsequent activation shall be executed within the shortest possible delay, no later than one working day from the initial request by the subscriber. National regulatory authorities may extend the one day period and prescribe appropriate measures where necessary to ensure that subscribers are not switched against their will. National regulatory authorities may impose appropriate sanctions on providers, including an obligation to compensate customers, in case of delay in porting or abuse of porting by them or on their behalf.

The Council held a public exchange of views on the review of the EU regulatory framework and took note of the presidency's three progress reports on the work carried out so far in its preparatory bodies. (See also COD/2007/0247 and COD/2007/0249 ).

The Commission's telecoms reform package aims to enable citizens, wherever they live and wherever they travel in the EU, to benefit from better and cheaper communication services.

On the basis of questions drawn up by the presidency, Ministers' debate focused in particular on the proposal on better regulation, namely the consistent application of the regulatory framework in the internal market and the management of the radio spectrum in the EU.

The discussions provided political guidance for further work on these proposals that will continue under the forthcoming French presidency.

Citizen’s rights directive : during the examination of the proposal in the working party, the delegations supported the Commission initiative in principle, agreeing that in general the amendments proposed by the Commission go in the right direction and concern important issues. The general thrust of the proposal, namely to ensure that consumers' rights remain an important focus of regulatory policy in the sector, was broadly supported, as regards both the universal service directive and the e-privacy directive.

However, Member States underlined the need to carefully examine the proposals in order to maintain an appropriate balance of proportionality and subsidiarity, as well as to avoid unnecessary burdens for both national regulatory authorities and the undertakings concerned, while ensuring competition and benefits for end-users.

In addition, the progress report identifies the main issues that remain open. In respect of the universal service directive, these issues are: provision of access at a fixed location and provision of telephone services; provisions for contracts; quality of service as well as emergency call provisions. As far as the e-privacy directive is concerned, the security of processing and the issue of implementation and enforcement, in particular, will need further discussion.

OPINION OF THE EUROPEAN DATA PROTECTION SUPERVISOR on the Proposal for a Directive of the European Parliament and of the Council amending, among others, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) .

On 16 November 2007, the EDPS received a request from the Commission for an opinion on the aforementioned proposal. The proposal aims at enhancing the protection of individuals' privacy and personal data in the electronic communications sector. This is done not by entirely reshaping the existing e‑Privacy Directive but rather by proposing ad hoc amendments to it, which mainly aim at strengthening the security-related provisions and improving the enforcement mechanisms. The proposal is part of a wider reform of the five EU telecom Directives (the telecoms package).

The EDPS fully welcomes the proposal. The proposed amendments strengthen the protection of individuals' privacy and personal data in the electronic communications sector and this is done with a light touch, without creating unjustified and unnecessary burdens upon organisations. More specifically, the EDPS considers that, for the most part, the proposed amendments should not be modified insofar as they fulfil properly their pursued objective.

Notwithstanding the overall positive consideration of the proposal, the EDPS considers that some of its amendments should be improved to ensure that they effectively provide for a proper protection of the personal data and the privacy of individuals. This is particularly true regarding the provisions on security breach notification and for those that deal with the legal actions initiated by electronic communication service providers for violation of spam provisions . In addition, the EDPS regrets that the proposal fails to tackle some issues, not properly dealt with in the current e‑Privacy Directive, missing the opportunity of this review exercise to resolve the outstanding problems.

The amendments contained in the Proposal where the EDPS would strongly favour modification , include the following:

Security breach notification : the proposed amendment applies to providers of public electronic communication services in public networks who are compelled to notify national regulatory authorities and their customers of security breaches. The EDPS fully supports this obligation. However, the EDPS considers that the obligation should also apply to providers of information society services which often process sensitive personal information; Legal actions initiated by providers of public electronic communication services in public networks : the proposed amendment provides civil law remedies for any individual or legal person particularly for electronic communication service providers to fight infringements of Article 13 of the e‑Privacy Directive which deals with spam. The EDPS is satisfied with this provision. However, the EDPS does not see the rationale for this new capability to be limited to the infringement of Article 13. The EDPS suggests enabling legal persons to take legal actions for infringement of any provision of the e‑Privacy Directive.

The scope of application of the e‑Privacy Directive which is currently limited to providers of public electronic communication networks is one of the most worrisome issues that the proposal has failed to address. The EDPS considers that the Directive should be amended to broaden its application to include providers of electronic communication services also in mixed (private/public) and private networks.

The amendments that the EDPS would strongly favour to remain unmodified include the following:

RFID : the proposed amendment according to which electronic communication networks include ‘public communication networks supporting data collection and identification devices’ is fully satisfactory. This provision is very positive as it clarifies that a number of RFID applications must comply with the e‑Privacy Directive, thus removing some legal uncertainty on this point; Cookies/spyware : the proposed amendment is to be welcomed because, as a result, the obligation to inform and give the right to oppose to have cookies/spyware stored in one's terminal equipment will also apply when such devices are placed through external data storage media such as CD-ROMs, USB Keys. However, the EDPS suggests that a minor amendment be made to the last part of Article 5(3) which consists in deleting the word ‘facilitating’ from the sentence; Choice of comitology with consultation to the EDPS and conditions/limitations to the obligation to notify : the proposed amendment regarding security breach notification leaves up to comitology the decision of complex questions regarding the circumstances/format procedures of the security breach notification system. The EDPS strongly supports this unified approach. Linked to this matter is the call by some stakeholders to draw up exceptions to the obligation to notify security breaches. The EDPS strongly opposes this approach; Enforcement : the proposed amendment contains many helpful elements to be kept which will contribute to ensuring effective compliance, including the strengthening of the investigatory powers of national regulatory authorities and the creation of the national regulatory authorities' power to order the cessation of infringements.

PURPOSE: to reform Community rules in the telecommunications sector with a view to ensuring a high level of consumer protection and of users’ rights, in particular the right to personal privacy and data protection in the electronic communications field.

PROPOSED ACT: Directive of the European Parliament and of the Council.

CONTEXT: in June 2006, the Commission presented a report to the European Parliament and the Council on the functioning of the regulatory framework for electronic communications networks and services. The report noted that the framework had yielded considerable benefits for citizens, consumers, and businesses in terms of better choice, lower prices and more innovation, but there was room for improvement in the field of consumer protection and security to ensure that it kept pace with technological developments and remained effective for the coming decade.

In order to ensure the safeguarding of universal service and users’ rights, as well as the protection of personal data, the Community rules need to be adapted with the dual aim of:

Strengthening and improving consumer protection and user rights in the electronic communication sector, through — amongst other aspects —giving consumers more information about prices and supply conditions, and facilitating access to and use of e-communications, including emergency services, for disabled users; and Enhancing the protection of individuals’ privacy and personal data in the electronic communications sector, in particular through strengthened security-related provisions and improved enforcement mechanisms.

This proposal deals with the changes to be made to the Universal Service (2002/22/EC) and the Directive on privacy and electronic communications (2002/58/EC). It is one of a package of reforms that also includes:

a proposal to amend the Framework Directive (2002/21/EC) and the Authorisation (2002/19/EC) and Access (2002/20/EC) Directives (see COD/2007/0247 ) and a proposal for a Regulation creating a new European Electronic Communications Market Authority (see COD/2007/0249 ).

CONTENT:

The proposed directive adapts the regulatory framework by strengthening certain consumers’ and users’ rights (in particular with a view to improving accessibility and promoting an inclusive Information Society), and ensuring that electronic communications are trustworthy, secure and reliable and provide a high level of protection for individuals’ privacy and personal data. The proposal does not alter the current scope or concept of universal service in the EU, which will be subject to a separate consultation in 2008.

The main amendments to the Universal Service Directive are as follows:

improving the transparency and publication of information for end-users; facilitating use of and access to e-communications for disabled users; facilitating the switching of suppliers by consumers through, among other things; strengthened provisions on number portability; improving obligations related to emergency services; ensuring basic connectivity and quality of service; and modernising specific provisions of the Directive to bring them into line with technology and market developments, including the deletion of a number of obsolete or redundant provisions.

The main amendments to the Directive on privacy and electronic communications are as follows:

introducing mandatory notification of security breaches resulting in users’ personal data being lost or compromised; strengthening implementation provisions related to network and information security to be adopted in consultation with the Authority; strengthening implementation and enforcement provisions to ensure that sufficient measures are available at Member State level to combat spam; clarifying that the Directive also applies to public communications networks supporting data collection and identification devices (including contactless devices such as Radio Frequency Identification Devices); modernising certain provisions that have become outdated, including the deletion of some obsolete or redundant provisions.

This Communication reports on the results of Commission’s Review of the regulatory framework for electronic communications and explains the main policy changes proposed by the Commission.

The EU regulatory framework for telecommunications was created in the 1990s in order to open up national markets to competition, markets which, until then, where dominated by state-owned monopolies. This process culminated in the liberalisation of national markets in 1998. A further step was taken in 2002 with the adoption of the current set of rules, which take account of the convergence of technologies and apply to all forms of electronic communications.

In 2006 and 2007, the Commission reviewed the functioning of the EU framework in against its main objectives, which are to promote competition, to consolidate the internal market and to promote the interests of the citizen. In the light of technological and market developments, especially improved competition in some areas, but also continued dominance by one or a few operators on a number of key markets as well as a continued lack of a single market for electronic communications and increasing divergence of regulatory approaches in the enlarged EU, a substantial reform of the regulatory framework is considered necessary by the Commission.

The 2007 Reform Proposals of the Commission can be grouped under the three pillars of better regulation, completing the single market and connecting with citizens.

1) Better regulation for competitive electronic communications: the 2007 Reform Proposals first of all aim to simplify and improve the quality of the regulatory environment, by reducing ex-ante regulation where market developments allow and by simplifying the market review procedure. The Commission also recommends better regulation of radio spectrum by simplifying access to and use of this scarce resource and moving to a more market-oriented allocation of spectrum. The Commission’s legislative proposals strengthen the principles of technology and service neutrality, and create a mechanism to designate certain bands where, across the EU, rights acquired to use spectrum are allowed to be traded (secondary trading). Regulatory provisions to encourage licence-free spectrum use and to reinforce the coordination of conditions for spectrum authorisations are also proposed.

2) The Single Market for electronic communications: Europe does not yet have a single market for electronic communications networks or services. Implementation of the EU rules via 27 separate national regulatory systems has resulted in two major drawbacks: the artificial segmentation of markets on a national basis and a fundamental lack of consistency in the way the EU rules are applied. In order to address this lack of a single market, the Commission proposes the establishment of an independent European Electronic Communications Market Authority, which will build on the combined expertise of NRAs and improve the existing coordination mechanisms. At the same time, it is proposed to strengthen the independence and enforcement powers of national authorities, which will contribute to the effective and speedy implementation of the regulatory framework.

3) Connecting with citizens: In a rapidly changing market environment, new measures are needed in order to preserve and enhance consumer protection and user rights and ensure that consumers can reap the full benefits of a dynamic and increasingly borderless communications market. The Commission’s proposals aim, in particular, to: 1) improve the transparency of information from service providers to consumers, including information on supply conditions and on tariffs; 2) set a time limit of one working day for ‘porting’ (transferring) a telephone number following a change of fixed or mobile operator; 3) enhance the implementation of ‘112’ emergency services in the EU, in particular by ensuring more efficient access to caller location information; 4) enable NRAs to impose minimum requirements for the quality of services based on standards drawn up at Community level. The Reform Proposals will also ensure that users with disabilities, elderly users and people with special needs are not prevented from using and accessing eCommunications services.

The Commission believes that the 2007 Reform Proposals should become law before the end of 2009.

PURPOSE: to reform Community rules in the telecommunications sector with a view to ensuring a high level of consumer protection and of users’ rights, in particular the right to personal privacy and data protection in the electronic communications field.

PROPOSED ACT: Directive of the European Parliament and of the Council.

CONTEXT: in June 2006, the Commission presented a report to the European Parliament and the Council on the functioning of the regulatory framework for electronic communications networks and services. The report noted that the framework had yielded considerable benefits for citizens, consumers, and businesses in terms of better choice, lower prices and more innovation, but there was room for improvement in the field of consumer protection and security to ensure that it kept pace with technological developments and remained effective for the coming decade.

In order to ensure the safeguarding of universal service and users’ rights, as well as the protection of personal data, the Community rules need to be adapted with the dual aim of:

Strengthening and improving consumer protection and user rights in the electronic communication sector, through — amongst other aspects —giving consumers more information about prices and supply conditions, and facilitating access to and use of e-communications, including emergency services, for disabled users; and Enhancing the protection of individuals’ privacy and personal data in the electronic communications sector, in particular through strengthened security-related provisions and improved enforcement mechanisms.

This proposal deals with the changes to be made to the Universal Service (2002/22/EC) and the Directive on privacy and electronic communications (2002/58/EC). It is one of a package of reforms that also includes:

a proposal to amend the Framework Directive (2002/21/EC) and the Authorisation (2002/19/EC) and Access (2002/20/EC) Directives (see COD/2007/0247 ) and a proposal for a Regulation creating a new European Electronic Communications Market Authority (see COD/2007/0249 ).

CONTENT:

The proposed directive adapts the regulatory framework by strengthening certain consumers’ and users’ rights (in particular with a view to improving accessibility and promoting an inclusive Information Society), and ensuring that electronic communications are trustworthy, secure and reliable and provide a high level of protection for individuals’ privacy and personal data. The proposal does not alter the current scope or concept of universal service in the EU, which will be subject to a separate consultation in 2008.

The main amendments to the Universal Service Directive are as follows:

improving the transparency and publication of information for end-users; facilitating use of and access to e-communications for disabled users; facilitating the switching of suppliers by consumers through, among other things; strengthened provisions on number portability; improving obligations related to emergency services; ensuring basic connectivity and quality of service; and modernising specific provisions of the Directive to bring them into line with technology and market developments, including the deletion of a number of obsolete or redundant provisions.

The main amendments to the Directive on privacy and electronic communications are as follows:

introducing mandatory notification of security breaches resulting in users’ personal data being lost or compromised; strengthening implementation provisions related to network and information security to be adopted in consultation with the Authority; strengthening implementation and enforcement provisions to ensure that sufficient measures are available at Member State level to combat spam; clarifying that the Directive also applies to public communications networks supporting data collection and identification devices (including contactless devices such as Radio Frequency Identification Devices); modernising certain provisions that have become outdated, including the deletion of some obsolete or redundant provisions.