Back to previous page

Privacy of electronic communications

The Directive on Privacy and Electronic communications built on earlier EU directives to ensure that a high level of privacy is granted to all communications over public networks regardless of the technology used. Any communication method must guarantee confidentiality.

The misuse or abuse of personal data is of increasing concern to society. In Europe the right of an individual to privacy is enshrined in the European Convention on Human Rights and Fundamental Freedoms. The principles of the Convention form the basis for the regulatory framework put in place to protect personal data, including EU legislation on data protection.

Public protection

The Directive sets an enforceable legal framework that guarantees the individual’s right to privacy. It achieves this by putting in place measures that should be respected by any organisation (including governments and businesses) which handles personal data and during the design and use of data processes.

It covers processing of personal data and the protection of privacy including provisions on:

the security of networks and services
the confidentiality of communications
access to stored data
processing of traffic and location data
calling line identification
public subscriber directories, and
unsolicited commercial communications.

The essential criterion which allows data to be stored and processed by an organisation is the effective consent of the individual providing their data. The Directive covers any data which travel over public networks in Europe and therefore also encompasses any data or services which originate outside the EU.

In addition, a recent Communication on the retention of data in electronic communications of all forms ensures such organisations do not retain such information for more than a limited time.

Time and place

In addition to the personal data that forms the content of our communication, our actual use of telecommunications networks produces additional personal data, equivalent to leaving ‘digital footprints’.

So-called traffic data describes communication activity and is necessary for effective service provision but it is also sensitive data which can be used to build a detailed description of a person’s lifestyle and activities. The Privacy and Electronic Communications Directive limits the storage of such information to that required for billing purposes only. The exceptions to this rule are when the consumer has explicitly consented to the use of this information for marketing or value-added services, or in response to a valid request from police or security services investigating a criminal offence under relevant national legislation.

Location data may also be generated when using a telecommunication service. Location data generated in mobile applications is also personal data and could be used as an effective method of surveillance of individuals. The Directive requires that such data is only retained with the consent of the subscriber and the subscriber should have the possibility to block any tracking facility even if they have subscribed to a location-based service. Again exceptions can be made for emergency services and law enforcement authorities.