This month, BIS published a consultation entitled “Implementing the revised EU electronic communications framework: Overall approach and consultation on specific issues”. The consultation sets out, inter alia, the Government’s approach to the implementation of the revised E-Privacy Directive.
The Government is seeking views on the changes required by the Directive, which include:
- the establishment of a system for notifications to the Information Commissioner in the event of a personal data security breach
- the introduction of “effective, proportionate and dissuasive penalties” for any infringements of the provisions of the revised Directive
- a new opt-in requirement for cookies, from a “right to refuse” to obtaining consent
The impact assessment (but interestingly, Datonomy notes, not the consultation itself) sets out the Government’s plans to introduce a requirement on providers of electronic communication services to have procedures in place (at the provider’s cost) to be able to respond to requests for information from the police or security services. Datonomy anticipates this may cause some concern amongst providers and privacy organisations alike. The Government also proposes to give the ICO powers to request information from providers to monitor and enforce compliance.
The UK has until 25 May 2011 to implement the revised European Framework on Electronic Communications. BIS invites comments by 3 December 2010.