Telecoms Package COD 2007 0248 ITRE Opinion

Telecoms Package: Proposal for a Directive of the European Parliament and of the Council amending Directive 2002/22/EC on universal service and users' rights relating to electronic communications networks, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on consumer protection cooperation (COD/2007/0248) − Committee on Industry, Research and Energy Opinion − 2008-07-07

Article 20
Article 20 − Contracts

1. This Article shall apply without prejudice to Community rules on consumer protection, in particular Directives 93/13/EC and 97/7/EC, and national rules in conformity with Community law.

2. Member States shall ensure that, where subscribing to services providing connection to a public communications network and/or publicly available telephone services, consumers have a right to a contract with an undertaking or undertakings providing such services and/or connection. The contract shall specify at least:

(a) the identity and address of the supplier;

(b) (b) the services provided, any limitations on access to and/or use of certain services and content referred to in paragraph 5, the service quality levels offered, the time for the initial connection, as well as any limitations on the use of terminal equipment;

(c) the types of maintenance service offered;

(d) particulars of prices and tariffs and the means by which up-to-date information on all applicable tariffs and maintenance charges may be obtained;

(e) the duration of the contract, the conditions for renewal and termination of services and of the contract, including direct costs for portability of numbers and other identifiers;

(f) any compensation and the refund arrangements which apply if contracted service quality levels are not met;

(g) the method of initiating procedures for settlement of disputes in accordance with Article 34;

(h) the action that might be taken by the undertaking providing connection and/or services in reaction to security or integrity incidents or threats and vulnerabilities.

Member States may extend these obligations to cover other end-users.

3. The information listed in paragraph 2 shall also be included in contracts concluded between consumers and electronic communications services providers other than those providing connection to a public communications network and/or publicly available telephone services. Member States may extend this obligation to cover other end-users.

4. Member States shall ensure that where contracts are concluded between subscribers and undertakings providing electronic communications services that allow voice communication, subscribers are clearly informed whether or not access to emergency services is provided. Providers of electronic communications services shall ensure that customers are clearly informed of the lack of access to emergency services in advance of the conclusion of a contract and thereafter.

5. Member States shall ensure, and enforce without delay where necessary, that where contracts are concluded between subscribers and undertakings providing electronic communications services and/or networks, subscribers are clearly informed in advance of the conclusion of a contract and regularly thereafter of any limitations imposed by the provider, in particular technical and price- or tariff-related limitations, on their ability to:

(a) access, use or distribute any content;

(b) access or run any application or service of their choice; and/or

(c) manage or use any content, service or application in their terminal equipment.

Such information shall be provided in a clear, comprehensive and easily accessible form.

6. Member States shall ensure that where contracts are concluded between subscribers and undertakings providing electronic communications services and/or networks, subscribers are clearly informed in advance of the conclusion of the contract and thereafter of their obligations to respect copyright and related rights.

7. Subscribers shall have a right to withdraw from their contracts without penalty upon notice of modifications in the contractual conditions proposed by operators. Subscribers shall be given adequate notice, not shorter than one month, ahead of any such modifications and shall be informed at the same time of their right to withdraw, without penalty, from such contracts, if they do not accept the new conditions. This right may only be exercised when the modifications are disadvantageous to the subscriber.

7a. Member States shall ensure that where contracts are concluded between subscribers and undertakings providing electronic communications services and/or networks, subscribers are expressly asked at the moment of concluding the contract whether and how they wish relevant information to be included in directory databases and whether they wish to exercise the option of having certain information included in the database but not disclosed to users of directory services.

''(14) A competitive market should ensure that end-users are able to access and distribute any lawful content and to use any lawful applications and/or services of their choice, as stated in Article 8 of Directive 2002/21/EC. Given the increasing importance of electronic communications for consumers and businesses, users should in any case be fully informed of any restrictions and/or limitations imposed on the use of electronic communications services by the service and/or network provider. Where there is a lack of effective competition, national regulatory authorities should use the remedies available to them in Directive 2002/19/EC to ensure that users' access to particular types of content, services or applications is not unreasonably restricted and, for instance, that unreasonable wholesale access terms are addressed.''

Article 21
Article 21 − Transparency and publication of information

-1. This Article shall apply without prejudice to Community rules on consumer protection, in particular Directives 97/7/EC and 2005/29/EC, and to national rules that are in conformity with Community law.

1. Member States shall ensure that transparent, comparable, adequate and up-to-date information on applicable prices and tariffs, and on standard terms and conditions, in respect of access to and use of the services identified in Articles 4, 5, 6, and 7 is available to end-users and consumers, in accordance with the provisions of Annex II.

2. Member States shall ensure that undertakings providing public electronic communications networks and/or services publish comparable, adequate and up-to-date information on applicable prices and tariffs in respect of access and use of their services provided to consumers. Such information shall be published in an easily accessible form.

3. National regulatory authorities shall encourage the provision of information to enable end-users and consumers to make an independent evaluation of the cost of alternative usage patterns, by means of interactive guides or similar techniques. Member States shall ensure that national regulatory authorities make such guides or techniques available, when these are not available on the market. Third parties shall have a right to use without charge the tariffs published by undertakings providing electronic communications networks and/or services, for the purposes of selling or making available such interactive guides or similar techniques.

4. Member States shall ensure that national regulatory authorities are able to oblige undertakings providing electronic communications services to provide applicable tariff information to customers at the time and point of purchase to ensure that customers are fully informed of pricing conditions.

5. Member States shall ensure that national regulatory authorities are able to oblige undertakings providing electronic communications services and/or networks to provide information required in accordance with Article 20(5) to customers in a clear, comprehensive and easily accessible form.

6. In order to ensure that end-users can benefit from a consistent approach to tariff transparency, as well as to the provision of information in accordance with Article 20(5) in the Community, the Commission may introduce guidelines, such as guidelines specifying the methodology or procedures.

Article 22
Article 22 − Quality of service

1. Member States shall ensure that national regulatory authorities, after taking account of the views of interested parties, require undertakings that provide publicly available electronic communications networks and/or services to publish comparable, adequate and up-to-date information for end-users on the quality of their services, with particular emphasis on information provided to disabled end-users concerning equivalent access. The information shall, on request, also be supplied to the national regulatory authority in advance of its publication.

2. National regulatory authorities may specify, inter alia, the quality of service parameters to be measured, and the content, form and manner of information to be published, in order to ensure that end-users have access to comprehensive, comparable and user-friendly information. Where appropriate, the parameters, definitions and measurement methods given in Annex III could be used.

3. Member States shall ensure the transparency of services across networks, and shall avoid anti-competitive discrimination in services. In order to prevent degradation of service and slowing of traffic over networks, national regulatory authorities may, having consulted the [xxx] and the Commission, adopt minimum quality of service requirements for undertakings providing public communications networks.

Without prejudice to the first subparagraph, undertakings providing public communications networks shall be entitled to carry out reasonable network management.

3a. In order to ensure that users' ability to access or distribute lawful content or to run any lawful application or service of their choice is not unreasonably restricted, Member States shall ensure that the national regulatory authorities ensure that any limitations imposed by undertakings providing public communications networks and/or services on the ability of subscribers to access or distribute lawful content are duly justified.

Article 28
Article 28 − Access to numbers and services

1. Member States shall ensure that national regulatory authorities take all necessary steps to ensure that:

(a) end-users are able to access and use services, including information society services, provided within the Community; and

(b) end-users are able to access all numbers provided in the Community, including those in the national numbering plans of Member States, those from the European Telephone Numbering Space and Universal International Freephone Numbers.

National regulatory authorities shall be able to block on a case-by-case basis access to numbers or services where this is justified by reasons of fraud or misuse.

2. In order to ensure that end users have effective access to numbers and services in the Community, the Commission may, having consulted the Authority, adopt technical implementing measures. These measures designed to amend non-essential elements of this Directive by supplementing it shall be adopted in accordance with the regulatory procedure with scrutiny referred to in Article 37(2). On imperative grounds of urgency, the Commission may use the urgency procedure referred to in Article 37(3).

Any such technical implementing measure may be periodically reviewed to take account of market and technological developments.

''(22) A single market implies that end-users are able to access all numbers included in the national numbering plans of other Member States, and to access services, including Information Society services, using non-geographic numbers within the Community, including among others freephone and premium rate numbers. End-users should also be able to access numbers from the European Telephone Numbering Space (ETNS) and universal international freephone numbers (UIFN). Cross-border access to numbering resources and to the associated service should not be prevented except in objectively justified cases, such as when this is necessary to combat fraud, and abuse e.g. in connection with certain premium-rate services, or when the number is defined as having a national scope only (e.g. national short code). Users should be fully informed in advance in a clear manner of any charges applicable to freephone numbers, such as international call charges for numbers accessible through standard international dialling codes. In order to ensure that end-users have effective access to numbers and services in the Community, the Commission should be able to adopt implementing measures.''

Article 33
Article 33 − Consultation with interested parties

1. Member States shall ensure as far as appropriate that national regulatory authorities take account of the views of end-users, and consumers (including, in particular, disabled users), manufacturers, undertakings that provide electronic communications networks and/or services on issues related to all end-user and consumer rights concerning publicly available electronic communications services, in particular where they have a significant impact on the market.

In particular, Member States shall ensure that national regulatory authorities establish a consultation mechanism ensuring that in their decision-making process due consideration is given to consumer interests in electronic communications.

2. Where appropriate, interested parties may develop, with the guidance of national regulatory authorities, mechanisms, involving consumers, user groups and service providers, to improve the general quality of service provision by, inter alia, developing and monitoring codes of conduct and operating standards.

3. Member States shall submit a yearly report to the Commission and the Authority on the measures taken and the progress towards improving interoperability and use of, and access to, electronic communications services and terminal equipment by disabled end-users.

4. Without prejudice to the application of Directive 1999/5/EC and in particular of disability requirements pursuant to its Article 3(3)(f), and in order to improve accessibility to electronic communications services and equipment by disabled end-users, the Commission may introduce guidelines and take the appropriate technical implementing measures to address the issues raised in the report referred to in paragraph 3, following a public consultation.

''(25) In order to overcome existing shortcomings in terms of consumer consultation and appropriately address the interests of citizens, Member States should put in place an appropriate consultation mechanism. Such a mechanism could take the form of a body which would, independently from the national regulatory authority as well as from service providers, carry out research on consumer-related issues, such as consumer behaviour and mechanisms for changing suppliers, and which would operate in a transparent manner and contribute to the existing mechanisms for stakeholders' consultation. Where there is a need to address the facilitation of the access to and use of electronic communications services and terminal equipment for disabled users, and without prejudice to Directive 1999/5/EC of the European Parliament and of the Council of 9 March 1999 on radio equipment and telecommunications terminal equipment and the mutual recognition of their conformity (OJ L 91, 7.4.1999, p. 10. Directive as amended by Regulation (EC) No 1882/2003 of the European Parliament and of the Council (OJ L 284, 31.10.2003, p. 1).) and in particular the disability requirements pursuant to its Article 3(3)(f), the Commission should be able to adopt implementing measures.''

Article 34
Article 34 − Out-of-court dispute resolution

1. Member States shall ensure that transparent, simple and inexpensive out-of-court procedures are available for dealing with unresolved disputes between consumers and undertakings providing electronic communications networks and/or services, relating to the contractual conditions and/or performance of contracts concerning supply of such networks or services. Member States shall adopt measures to ensure that such procedures enable disputes to be settled fairly and promptly and may, where warranted, adopt a system of reimbursement and/or compensation. Member States may extend these obligations to cover disputes involving other end-users.

Member States shall ensure that bodies in charge of dealing with such disputes provide relevant information for statistical purposes to the Commission and the Authority.

2. Member States shall ensure that their legislation does not hamper the establishment of complaints offices and the provision of on-line services at the appropriate territorial level to facilitate access to dispute resolution by consumers and end-users.

3. Where such disputes involve parties in different Member States, Member States shall coordinate their efforts with a view to bringing about a resolution of the dispute.

4. This Article is without prejudice to national court procedures.

Article 2
Article 2 − Definitions

Save as otherwise provided, the definitions in Directive 95/46/EC and in Directive 2002/21/EC of the European Parliament and of the Council of 7 March 2002 on a common regulatory framework for electronic communications networks and services (Framework Directive)(8) shall apply.

The following definitions shall also apply:

(a) “user” means any natural person using a publicly available electronic communications service, for private or business purposes, without necessarily having subscribed to this service;

(b) “traffic data” means any data processed for the purpose of the conveyance of a communication on an electronic communications network or for the billing thereof;

(c) “location data” means any data processed in an electronic communications network, indicating the geographic position of the terminal equipment of a user of a publicly available electronic communications service;

(d) “communication” means any information exchanged or conveyed between a finite number of parties by means of a publicly available electronic communications service. This does not include any information conveyed as part of a broadcasting service to the public over an electronic communications network except to the extent that the information can be related to the identifiable subscriber or user receiving the information;

(e) “call” means a connection established by means of a publicly available telephone service allowing two-way communication;

(f) “consent” by a user or subscriber corresponds to the data subject's consent in Directive 95/46/EC;

(g) “value added service” means any service which requires the processing of traffic data or location data other than traffic data beyond what is necessary for the transmission of a communication or the billing thereof;

(h) “electronic mail” means any text, voice, sound or image message sent over a public communications network which can be stored in the network or in the recipient's terminal equipment until it is collected by the recipient.

Article 3
''(28) Technological progress allows the development of new applications based on devices for data collection and identification, which may be contactless devices using radio frequencies. For example, Radio Frequency Identification Devices (RFID) use radio frequencies to capture data from uniquely identified tags, which can then be transferred over existing communications networks. The wide use of such technologies can bring considerable economic and social benefits and thus make a powerful contribution to the internal market if their use is acceptable to citizens. To achieve that, it is necessary to ensure that the fundamental rights of individuals, in particular the right to privacy and data protection, are safeguarded. When such devices are connected to publicly available electronic communications networks or make use of electronic communications services as a basic infrastructure, the relevant provisions of Directive 2002/58/EC, including those on security, traffic and location data and on confidentiality, should apply.''

Article 4
Article 4 − Security of processing

1. The provider of a publicly available electronic communications service must take appropriate technical and organisational measures to safeguard security of its services, if necessary in conjunction with the provider of the public communications network with respect to network security. Having regard to the state of the art and the cost of their implementation, these measures shall ensure a level of security appropriate to the risk presented.

2. In case of a particular risk of a breach of the security of the network, the provider of a publicly available electronic communications service must inform the subscribers concerning such risk and, where the risk lies outside the scope of the measures to be taken by the service provider, of any possible remedies, including an indication of the likely costs involved.

3. In case of serious breach of security by the provider of publicly available electronic communications services leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed in connection with the provision of publicly available electronic communications services in the Community, the provider of publicly available electronic communications services shall, without undue delay, notify the national regulatory authority of such a breach. The notification shall describe the nature of the breach and its consequences, and the measures taken by the provider to address the breach, and shall recommend measures to mitigate its possible negative effects. The national regulatory authority shall decide whether the provider of publicly available electronic communications services shall notify the subscriber concerned of the breach. Where personal data has been rendered unusable by technical or procedural means to the extent that the risk of loss is low or substantially removed, a breach of security should not be considered as having caused harm to the end-user. Therefore the national regulatory authority may decide not to request notification from the provider to the subscriber concerned. The technical and procedural means of rendering data unusable shall be approved by the national regulatory authority. The Commission may, having consulted the [xxx], take the appropriate coordination measures to ensure a consistent approach at Community level.

Where appropriate, the national regulatory authority concerned shall notify the national regulatory authorities in other Member States and the [xxx] of the breach. Where disclosure of the breach is in the public interest, the national regulatory authority may inform the public.

Every three months, the national regulatory authority shall submit a summary report to the Commission on the notifications received and action taken pursuant to this paragraph.

''(29) A breach of security resulting in the loss or compromising personal data of an individual subscriber may, if not addressed in an adequate and timely manner, result in substantial economic loss and social harm, including identity fraud. Therefore, subscribers concerned by serious security incidents should be notified without delay and informed in order to be able to take the necessary precautions, if the national regulatory authorities consider this necessary after notification by the service provider. Where personal data is rendered unusable, the national regulatory authorities should be able to decide not to request notification by the service provider. A notification under these circumstances should include information about measures taken by the provider to address the breach, as well as recommendations for the users affected, as appropriate for each individual case.''

4. In order to ensure consistency in implementation of the measures referred to in paragraphs 1, 2 and 3, the Commission may, having consulted the [xxx] and the European Data Protection Supervisor, adopt technical implementing measures concerning inter alia the circumstances, format and procedures applicable to information and notification requirements referred to in this Article.

Those measures, designed to amend non-essential elements of this Directive by supplementing it, shall be adopted in accordance with the regulatory procedure with scrutiny referred to in Article 14a (2).

Article 5
Article 5 − Confidentiality of the communications

1. Member States shall ensure the confidentiality of communications and the related traffic data by means of a public communications network and publicly available electronic communications services, through national legislation. In particular, they shall prohibit listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than users, without the consent of the users concerned, except when legally authorised to do so in accordance with Article 15(1). This paragraph shall not prevent technical storage which is necessary for the conveyance of a communication without prejudice to the principle of confidentiality.

2. Paragraph 1 shall not affect any legally authorised recording of communications and the related traffic data when carried out in the course of lawful business practice for the purpose of providing evidence of a commercial transaction or of any other business communication.

3. Member States shall ensure that the storing of information, or gaining access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his/her prior consent based on clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing and is offered the right to refuse such processing by the data controller. This shall not prevent any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user. The subscriber's prior consent shall be sought separately from his/her agreement to the general provisions.

Article 6
Article 6 − Traffic data

1. Traffic data relating to subscribers and users processed and stored by the provider of a public communications network or publicly available electronic communications service must be erased or made anonymous when it is no longer needed for the purpose of the transmission of a communication without prejudice to paragraphs 2, 3 and 5 of this Article and Article 15(1).

2. Traffic data necessary for the purposes of subscriber billing and interconnection payments may be processed. Such processing is permissible only up to the end of the period during which the bill may lawfully be challenged or payment pursued.

3. For the purpose of marketing electronic communications services or for the provision of value added services, the provider of a publicly available electronic communications service may process the data referred to in paragraph 1 to the extent and for the duration necessary for such services or marketing, if the subscriber or user to whom the data relate has given his/her prior consent. Users or subscribers shall be given clear and comprehensive information on the possibility to withdraw their consent for the processing of traffic data at any time. The procedures for withdrawing consent shall be easily comprehensible and straightforward.

4. The service provider must inform the subscriber or user of the types of traffic data which are processed and of the duration of such processing for the purposes mentioned in paragraph 2 and, prior to obtaining consent, for the purposes mentioned in paragraph 3.

5. Processing of traffic data, in accordance with paragraphs 1, 2, 3 and 4, must be restricted to persons acting under the authority of providers of the public communications networks and publicly available electronic communications services handling billing or traffic management, customer enquiries, fraud detection, marketing electronic communications services or providing a value added service, and must be restricted to what is necessary for the purposes of such activities.

6. Paragraphs 1, 2, 3 and 5 shall apply without prejudice to the possibility for competent bodies to be informed of traffic data in conformity with applicable legislation with a view to settling disputes, in particular interconnection or billing disputes.

Article 14
Article 14 − Technical features and standardisation

1. In implementing the provisions of this Directive, Member States shall ensure, subject to paragraphs 2 and 3, that no mandatory requirements for specific technical features are imposed on terminal or other electronic communication equipment which could impede the placing of equipment on the market and the free circulation of such equipment in and between Member States.

2. Where provisions of this Directive can be implemented only by requiring specific technical features in electronic communications networks, Member States shall inform the Commission in accordance with the procedure provided for by Directive 98/34/EC of the European Parliament and of the Council of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations and of rules on information society services(9).

3. Where required, measures may be adopted to ensure that terminal equipment is constructed in a way that is compatible with the right of users to protect and control the use of their personal data, in accordance with Directive 1999/5/EC and Council Decision 87/95/EEC of 22 December 1986 on standardisation in the field of information technology and communications (OJ L 36, 7.2.1987, p. 31. Decision as last amended by the 1994 Act of Accession.).

Article 15
Article 15 − Application of certain provisions of Directive 95/46/EC

1. Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in Article 5, Article 6, Article 8(1), (2), (3) and (4), and Article 9 of this Directive when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system, as referred to in Article 13(1) of Directive 95/46/EC. To this end, Member States may, inter alia, adopt legislative measures providing for the retention of data for a limited period justified on the grounds laid down in this paragraph. All the measures referred to in this paragraph shall be in accordance with the general principles of Community law, including those referred to in Article 6(1) and (2) of the Treaty on European Union.

2. The provisions of Chapter III on judicial remedies, liability and sanctions of Directive 95/46/EC shall apply with regard to national provisions adopted pursuant to this Directive and with regard to the individual rights derived from this Directive.

3. The Working Party on the Protection of Individuals with regard to the Processing of Personal Data instituted by Article 29 of Directive 95/46/EC shall also carry out the tasks laid down in Article 30 of that Directive with regard to matters covered by this Directive, namely the protection of fundamental rights and freedoms and of legitimate interests in the electronic communications sector.

Article 15a
Article 15a − Implementation and enforcement

1. Member States shall lay down the rules on penalties applicable to infringements of the national provisions adopted pursuant to this Directive and shall take all measures necessary to ensure that they are implemented. The penalties provided for must be effective, proportionate and dissuasive. The Member States shall notify those provisions to the Commission by the [time-limit for implementation of the amending act] at the latest and shall notify it without delay of any subsequent amendment affecting them.

2. Without prejudice to any judicial remedy which might be available, Member States shall ensure that the national regulatory authority has the power to order the cessation of the infringements referred to in paragraph 1.

3. Member States shall ensure that national regulatory authorities have all the investigative powers and resources necessary, including the possibility to obtain any relevant information they might need to monitor and enforce national provisions adopted pursuant to this Directive.

4. In order to ensure effective cross-border co-operation in the enforcement of the national laws adopted pursuant to this Directive and to create harmonised conditions for the provision of services involving cross-border data flows, the Commission may adopt technical implementing measures, following consultation with the Authority and the relevant regulatory authorities.

The measures designed to amend non-essential elements of this Directive by supplementing it shall be adopted in accordance with the regulatory procedure with scrutiny referred to in Article 14a (2). On imperative grounds of urgency, the Commission may use the urgency procedure referred to in Article 14a (3).

''(36) The need to ensure an adequate level of protection of privacy and personal data transmitted and processed in connection with the use of electronic communications networks in the Community calls for effective implementation and enforcement powers in order to provide adequate incentives for compliance. National regulatory authorities should have sufficient powers and resources to investigate cases of non-compliance effectively, including the possibility to obtain any relevant information they might need, to decide on complaints and to impose sanctions in cases of non-compliance.''

Article 18
Article 18 − Review

The Commission shall submit to the European Parliament and the Council, not later than three years after the date referred to in Article 17(1), a report on the application of this Directive and its impact on economic operators and consumers, in particular as regards the provisions on unsolicited communications, taking into account the international environment. For this purpose, the Commission may request information from the Member States, which shall be supplied without undue delay. Where appropriate, the Commission shall submit proposals to amend this Directive, taking account of the results of that report, any changes in the sector and any other proposal it may deem necessary in order to improve the effectiveness of this Directive.