Go back to the Europarl portal

Choisissez la langue de votre document :

  • bg - български
  • es - español
  • cs - čeština
  • da - dansk
  • de - Deutsch
  • et - eesti keel
  • el - ελληνικά
  • en - English (Selected)
  • fr - français
  • ga - Gaeilge
  • hr - hrvatski
  • it - italiano
  • lv - latviešu valoda
  • lt - lietuvių kalba
  • hu - magyar
  • mt - Malti
  • nl - Nederlands
  • pl - polski
  • pt - português
  • ro - română
  • sk - slovenčina
  • sl - slovenščina
  • fi - suomi
  • sv - svenska
Parliamentary questions
PDF 23kWORD 21k
6 November 2019
Answer given by Ms Jourová on behalf of the European Commission
Question reference: E-002360/2019

The Commission is aware of the press articles on the issue referred to by the Honourable Member. The processing of personal data of individuals in the EU by any telecommunication company with establishments in any Member State is subject to and must comply with the data protection legislation of the European Union, i.e. the General Data Protection Regulation (GDPR).

The GDPR requires, amongst others, that personal data are only collected for specified and legitimate purposes, and that their processing is adequate, relevant and limited to what is necessary in relation to such purposes.

Personal data must be processed lawfully, fairly and in a transparent manner. The processing (including any disclosure to third party) must have an appropriate legal base, such as contract or consent. Individuals concerned must be properly informed in accordance with the GDPR.

Chapter V of the GDPR also requires that transfers of personal data to third countries shall take place only if certain conditions are met, in order to ensure that the level of data protection of natural persons is not undermined.

The supervision and enforcement of the application of the GDPR requirements fall in first instance within the competence of the national data protection supervisory authorities and courts.

The GDPR has equipped national data protection supervisory authorities with strengthened powers to ensure compliance with the data protection requirements, including the power to impose fines.

Last updated: 6 November 2019Legal notice