Go back to the Europarl portal

Choisissez la langue de votre document :

  • bg - български
  • es - español
  • cs - čeština
  • da - dansk
  • de - Deutsch
  • et - eesti keel
  • el - ελληνικά
  • en - English (Selected)
  • fr - français
  • ga - Gaeilge
  • hr - hrvatski
  • it - italiano
  • lv - latviešu valoda
  • lt - lietuvių kalba
  • hu - magyar
  • mt - Malti
  • nl - Nederlands
  • pl - polski
  • pt - português
  • ro - română
  • sk - slovenčina
  • sl - slovenščina
  • fi - suomi
  • sv - svenska
Parliamentary questions
PDF 106kWORD 18k
11 October 2018
Answer given by Ms Jourová on behalf of the European Commission
Question reference: P-004313/2018

The Commission is aware of the practices referred to by the Honourable Member. The EU has established comprehensive rules to protect the privacy and data protection of individuals in the EU. The Commission has underlined the need for a trusted Digital Single Market for all in a recent Communication(1).

Individuals whose personal data are processed benefit from the rights provided under the General Data Protection Regulation (GDPR)(2), including a right to object to processing and to withdraw consent. The GDPR requires amongst others that processing be lawful, fair and transparent, and that personal data be collected for specified, explicit and legitimate purposes.

In addition, Directive 2002/58/EC (the ePrivacy Directive)(3) complements and particularises the GDPR as regards the processing of personal data in the electronic communications sector. Notably, Article 5(3) provides that the storing of information or the gaining of access to the information already stored in the terminal equipment is only allowed when the subscriber or user concerned has given his or her consent; such storage or access is necessary to transmit the communication; or it is necessary to provide an information society service explicitly requested by a subscriber or user. Directive 2002/58/EC refers to GDPR as far as the validity of consent is concerned(4).

The monitoring and enforcement of the application of data protection legislation falls within the competence of national authorities and courts, without prejudice to the competences of the European Commission as guardian of the Treaties. The Irish Data Protection Commissioner has published a statement indicating that it has asked Google for information in order to assess the case and take all appropriate next steps(5).

(1)COM(2018) 320 of 15 May 2018.
(2)Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1‐88.
(3)Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), as amended by Directive 2009/136/EC.
(4)Articles 4(11) and 7 GDPR apply in this respect.

Last updated: 11 October 2018Legal notice