A user's Internet access cannot be restricted without prior ruling by the judicial authorities, insists the European Parliament reinstating one of its first-reading amendments.
By amending an informal agreement reached with Council, MEPs send the whole "telecom package" to conciliation. The EP does, however, agree with the Council on investments in new communications infrastructure, the reform of radio spectrum use, clear consumer rights and privacy protection.
MEPs amend a political agreement reached with the Council on the reform of the regulatory framework for electronic communications - including mobile and fixed telephones, broadcasting, wireless and fixed internet. Therefore, the whole "telecom package" is likely to be subject to conciliation in Parliament's next legislative term aftr the European elections.
The package includes the revision of the electronic communications framework, the citizens' rights directive and the establishment of a new European body of telecom regulators called BEREC.
Parliament and Council do agree on the citizens' right directive and the establishment of a new European body of telecom regulators called BEREC but amend the compromise reached with Council on the framework directive. Since all three proposals are interlinked, it is likely that the whole package will go to conciliation.
Remaining open issue: No restrictions on access to services without prior ruling by judicial authorities
Parliament reinstated by 407 votes in favour with 57 votes against and 171 abstentions a first-reading amendment saying that "no restriction may be imposed on the fundamental rights and freedoms of end users, without a prior ruling by the judicial authorities (...) save when public security is threatened".
Council had rejected this amendment in first-reading.
Any limitations imposed by providers on access to, or use of, services, applications or equipment depend upon national law. The directive neither authorises or prohibits them, and hence in no way changes the existing situation. However, it does introduce an obligation to inform users where restrictions exist.
The directive also stipulates that Member States must respect the fundamental rights of citizens, including those to confidentiality and privacy, information society aims and market rules.
The directive aims to improve the quality of publicly available services. It introduces the principle of "minimum quality of service requirement" .Some limitations may be necessary to prevent the deterioration of a service (e.g. slowing or blocking of an internet connection), but these are not specified in the directive. The directive nonetheless takes this reality into account, again so as to ensure that consumers are fully informed of any restrictions. It stipulates that end-users should be able to decide what content they want to send and receive, and which services, applications, hardware and software they want to use for such purposes, without prejudice to the need to preserve the integrity and security of networks and services.
Better privacy protection and action against illegal activity on the internet
The revision of the 2002 directive on the processing of personal data and privacy protection in the field of electronic communications, a further element of the "telecoms package", aims to improve network security and integrity, better protect user personal data and improve measures against spam and "cyber attacks". The revised directive extends the existing processing of personal data harmonisation to the right to privacy, confidentiality and to security of information technology.
Under new rules introduced for the first time in EU law, the directive provides that a security breach such as the theft of a list of customer from an internet service provider must immediately be notified to the regulator. Users should be alerted to the breach of their personal data and privacy if its seriousness makes this necessary. Service providers who have demonstrated to the competent authorities that they have taken appropriate technical protection measures would not be obliged to inform a subscriber of a breach of his or her personal data. Providers should nonetheless maintain an inventory of personal data breaches, to enable the authorities to ascertain that the protection measures are adequate.
Service providers are already obliged to take appropriate steps to reduce the risks of security violations. MEPs have added systems to detect predictable vulnerabilities. Personal data may be accessed only by staff authorised to do so, and may not be stored without the prior consent of the person concerned. The text adds that ?"ny legal or physical person" can process traffic data if technical measures to guarantee the security of electronic communications make it "strictly necessary".
The directive should also strengthen protection against spam. The processing of personal data by service providers should require the consent of the user.
The installation of "cookies" on users' computers would also be subject to consent by the user. Commercial communication (including promotions, prizes and gifts) by telephone or via computer networks should be signed and identifiable with an address allowing users to request not to receive further material. The directive states that it is illegal to send e-mail containing links to malicious or fraudulent material.
Finally, protection against viruses, Trojan horses or spyware will also be improved. These programmes are already banned, whatever the storage system (CD-ROM, flash memory, USB sticks) or download method (internet, telephone or mobile).