- The law of privacy in the European Directives of 2002 and 2009.
The E- Privacy directive is the directive 2002/58 directive which is basically on privacy in electronic and telecommunication. This directive has addressed the data protection and privacy in this developing digital age. Since it is a up gradation of data protection directive it looks after the issues of information, traffic treatment, cookies and spasm.
But this directive has undergone an amendment in 2009/136 which mainly focus on the cookies. This directive is mostly targeted for the protection of the personal data processing which is related to the processes of communication. The components of the directives can be summarized below.
Security in processing- This directive directs the electronic communication service providers to protect their service by- accession of any personal data only by the authenticated authorized individual, protection of personal data from being destruction or any other means of alteration, there should be proper policy implementation for the security of the personal data.
If any personal data is hacked or infringed then the service provider should convey this to the person concerned with the data and also to the National regulatory authority.
Second act is the confidentiality in communication t asks the members to abide by the national legislation and must provide confidentiality to the personal data passed in electronic tale communication system. No tapping, recording of calls and storage can be carried out for any person without his/her consent. Before storing and processing of personal data of anybody they should be asked first.
The directive also throw some light on data retention, any personal data such addresses can’t be kept with the members state after billing without taking permission from the person for further use. But the directive also give flexibility that if any case of national or public security or criminal investigation arises then they can lay down some rules and make available the personal data.
The directive gives opt in option for unwanted commercial mail and sms. If the user doesn’t give his her consent then no unwanted mail or SMS can be sent to the user account with certain exceptions. The directive also says that the user must give the consent for storing of the personal data in any terminal equipment so that the information can be accessed later.
The users before allowing for accessing the information must know the process as well as the purpose of storage of their personal data. So these measures help in protecting the personal matters and life of users from different kind of malicious softwares and viruses. Cookies are mostly the exchange of information in between the user and the internet and that information were stored in the hard disk of the user. The main objective behind it to know the sessions and also this helps to know the activities that a surfer performs on net.
The common mass of Europe must give their consent before publication of any data related to their telephone numbers, email address and physical number too. There should be some sort of penalties that the authorities must have in case of infringement of anything that has been mentioned in the directive and the national authority must have that much power to regulate this directive.
But this directive has undergone certain changes or amendments with regard to the cookies in November 2009. The users are asked to have the cookies in before using the net it is jus opposite of the previous law enacted. Under the amendments the companies first have to go for the consent of the users for storing and getting their personal files
This addition is otherwise known as the cookie law. But all the cookies are not included in this. According to the authorities of data protection those cookies which comes with a definite user id are the persistent cookies and thus qualifies under this directive to be taken as the personal data.
Another controversy with this amendment is of the consent process of the user, Rather than with the option of prior consent the users are given the opportunity to refuse the cookies at their will. So there has been no mention of the consent through which consent has to be obtained.
There is a common confusion regarding cookies is that does the users are allowed to change their setting of the web browser according to their will so that the cookies will be stored at their will or they have to agree in an unambiguous way. So to eradicate or remove this confusion a series of talks has occurred between the ISPs the privacy law makers, court etc.
So even though this directive gives protection to the user’s privacy by many methods but it does not clearly mention the ways of obtaining data, the ways of consent etc which create a chaos.
This directive even though is self sufficient but must come up with amended structure on this regard so that there will be no confusion between the user and the internet service providers as well as the national regulatory authorities regarding this matter and the user’s will feel safe to surf the net.
At the same time there should be strict measures to check the cyber crime as more freeness will help in increase of these activities as these protects the privacy of the user at its best, so there is every chance for a criminal to have a crime and try to escape from it by not giving the consent either to store the data in terminal equipment or in any other system. But this title is not applicable to the title v and title VI.
Currently the directive is mostly administer by the EU data retention directive whose main aim is to amend the directive. This directive is not only applicable to the common mass but also those authorities who head the legal department showing that law is same for all and it’s homogenous. So this directive is a welcome note for Isp as well as its subscribers as it is striking balance between the users as well as the intermediary service providers.
- Briefly evaluate the changes to E-Privacy brought into force in 2011.
This directive has been upgraded or amended by the UK legislation in May 2011, which the European council has to apply. The change mostly demands from the users to leave their cookies n their computers to be accessed by the authorities the new amendment says that users can’t be asked to give personal details or can be asked to leave their cookies unless and until they are informed about all the procedures of handling of data, processing what will be done to their information and all other relevant information regarding cookies.
So this amendment is going to affect the business of those who maintain websites of their own. Even though these amendments have been done but still the members are yet to bring regulation to apply this directive. So initial guidance has been given to all government authorities and statutory bodies to give information to stakeholder how they will start to implement these rules.
The new amendments sets that the users are not required to give their consent in every cookies they use, it asks the browser owners that they should provide the browser with such systems that the users can opt out for cookies if they wish there will be no mandatory rules for opt in for cookies. These changes will affect those business which were not under the EU membership, any places beyond EU also comes under the jurisdiction of this directive on cookies thus affecting the business outside the EU too.
Another consequence of this directive is that this directive has to be implemented across EU within 25th may and the statutory body has given the ruling that hefty fines will be imposed on business owners failing to apply the directives in their business within the given time period. So this may lead to the chaos as well as many lacunae in technical ground as the period is very scanty.
After this directive the business as well as the browser owner’s has to see with which process they are obtaining the consent and always keep their options open so that they will know what directive has come from the government how to operate them and what all rules has to be followed to avoid any discrepancy. Under new directive the internet service providers are asked to seek the help of the national authorities and other regulatory bodies on any type of the security breach.
The browser owners are asked to use a dialog box before asking consent from the user for storing their cookies information. The browser owners can give maximum benefit to those users who gives consent to have their information stored and can give minimum benefits to those who do not thus encouraging the users to go for consent giving indirectly.
So even though these amendments are helpful in easing the works of the users and also the internet providers in many ways but still the time period is very short for up gradation as it may lead to operational risk and many other type of risk which cannot be avoided and thus creating a chance of failure of the directive in large scale.
- Identify, summarize and critically evaluate legal case in EU privacy law.
This is the case between the European republic and German Federal republic over the failure by one of the member state to fulfil the responsibilities mentioned in directive 95/46/EC, where there has been a report on the failure of protection of data of the user and maintenance of privacy. The case is numbered as C-518/07.
The case has been judged that there is breach of directives by the German federal republic under article 28 g1 of the directive 95/46/EC on data protection because the authorities which the government has appointed to check are also subjected to the scrutiny of the state and cannot work independently at their own will, under this provision.
Even though under this directive the local authorities under the Member state are allowed to function independently in data protection context but according to the German law whether or not a regulatory body is involved in data protection it has to be subjected to some sort of scrutiny by any federal or state government.
So this law is totally opposite of the directive as it found out by the commission. But it was judged in favour of the European commission that the supervisor authority in that directive which has the mention of complete independence actually signifies that the authority should be free from any type of influences from any sector of the government not that it is not subjected to the scrutiny of the government bodies.
This case was important on the ground because it first opened the flaws in the drafting of the directive because whatever the European law says under the Supervisory Authority it gives a different meaning totally contrary to the German law, Then it becomes very difficult at the International scenario to act upon such cases at it will lead to conflict in between the two cases.
Except this also this case is important as it gives the EU supervisory authority the legal right to act as the fundamental guardians of the personal data as well as the privacy of the user. It also asks the supervisory authority to strike a direct balance between the fundamental right of the user and personal data which has a lot of importance because no authority can ask for consent from the user.
Regarding a information which breaches the fundamental rights of the citizens so this authority has to take care of such things and must devise alternative to this so that a right balance can be maintained.
The independence which has rose some confusion is mostly intended for the supervisory authority to help in protection of the public and personal data using that independence and must not be influenced by any other sector as sometimes the authorities may asked to get some personal data of any user for any personal investigation purposes or for any other means, the most current issue is on the British newspaper which was sacked for its activities to get personal data from the tele communications.
The independent status tells us that it has not been given to declare the authority as powerful one but to protect the bodies and other users who get affected by their directive or any decision.
- Critically evaluated newspaper article in EU privacy law.
HARD COPY OF THE ARTICLE ATTACHED TO THE COURSEWORK.
This is a news paper article which tells that the government of Germany has asked the web browsers and ISP’s to ask its subscribers to remove the fan page as well as the like tab from the Face book web page as it is against the German as well as deviating from the European law of privacy.
The argument on this regard kept by the German government is when someone likes something in face book and click the tab the information about the user is get collected in US and stored which is against the German as well as the newly amended European law of privacy with regard to the protection of the personal data and users.
It has been reported by the government agency that if anybody is using any plug in face book and liking something then his/her account is going to be tracked for nearly two years by the browser company, even though Face book has denied such allegations of the German government. This article is published in IB times in August 19 2011.
Now let’s have a analysis on this. The allegations made by the German authorities that the face book is not going in accordance with the EU privacy law are not at all baseless. The matter has to be taken into consideration with seriousness, as this goes against the user’s consent to use the information and storing it as well as tracking it.
According to the directive of the European privacy law without taking formal consent of the user no personal data can be shared neither can be stored for any purpose in any terminal equipment. Secondly if also there is a necessity of storing data then they have to inform the concerned persons regarding this and first state on what basis they are storing and in which purpose they will be using those data, but if the allegations made by the federal republic of Germany is proved to be true then it going to become a serious case as it breaches all the directives of the privacy law.
The authorities of the face book says that they are in accordance with the EU law but they didn’t gave any prove of that. The European law on privacy also should have some clauses on this matter as it is the wish of the user to like or not to like on anything in a social networking site so curbing the right to like is curbing one’s fundamental rights so it is going contrary to the responsibilities of the supervisory authority under the directive 95/46/EC that it has to strike balance between the fundamental right as well as the personal data.
So the directive should come up with certain clauses which must says that the browser owners must give a formal consent as a tab for the users stating that liking this will store some of your personal information and what all information’s., if the user will give consent then they are allowed to like. It now depends upon the user to decide to like or not as it will maintain the balance between the fundamental rights as well as the protection of the personal data
5) On spam: Asscher, L, Hoogcarspel, S.A, Regulating Spam: A European Perspective after the Adoption of the E-Privacy Directive (T.M.C. Asser Press 2006)
6) Edwards, L, “Articles 6 – 7, ECD; Privacy and Electronics Communications Directive 2002” in Edwards, L. (ed.) The New Legal Framework for E-Commerce in Europe (Hart 2005)
8) Johannes M. Bauer, 2002. “Normative foundations of electronic communications policy in the European Union,” In: Jacint Jordana (editor). Governing telecommunications and the new information society in Europe. Cheltenham, U.K.: Edward Elgar, pp. 110–133.
9) European Commission (EC), 2009. Directive 2009/140/EC of the European Parliament and of the Council of 25 November 2009 amending Directives 2002/21/EC on a common regulatory framework, L 337/37, 18 December 2009. Brussels: EC.
10) Ian Goodwin and Steve Spittle, 2002. “The European Union and the information society: Discourse, power and policy,” New Media & Society, volume 4, number 2, pp. 225–249.