European Parliament legislative resolution of 6 May 2009 on the common position adopted by the Council with a view to the adoption of a directive of the European Parliament and of the Council amending Directive 2002/22/EC on universal service and users" rights relating to electronic communications networks, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws (16497/1/2008 – C6-0068/2009 – 2007/0248(COD))
(Codecision procedure: second reading)
The European Parliament
– having regard to the Council common position (16497/1/2008 – C6-0068/2009),
– having regard to its position at first reading(1)
on the Commission proposal to Parliament and the Council (COM(2007)0698),
– having regard to the amended Commission proposal (COM(2008)0723),
– having regard to Article 251(2) of the EC Treaty,
– having regard to Rule 62 of its Rules of Procedure,
– having regard to the recommendation for second reading of the Committee on the Internal Market and Consumer Protection (A6-0257/2009),
1. Approves the common position as amended;
2. Takes note of the Commission statements annexed to this resolution;
3. Instructs its President to forward its position to the Council and the Commission.
Position of the European Parliament adopted at second reading on 6 May 2009 with a view to the adoption of Directive 2009/.../EC of the European Parliament and of the Council amending Directive 2002/22/EC on universal service and users' rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws
(As an agreement was reached between Parliament and Council, Parliament's position at second reading corresponds to the final legislative act, Directive 2009/136/EC.)
Commission declaration on universal service
Recital (3a) - Universal Service
The Commission takes note of the text of recital (3a) agreed by the European Parliament and the Council.
The Commission wishes in this context to reaffirm that, as stated in its Communication COM (2008)0572 of 25 September 2008 on the scope of universal service in electronic communications networks and services, it will in the course of 2009 promote an extensive debate at EU level that will examine a wide range of alternative approaches and allow all interested parties to express their views.
The Commission will summarise the debate in a Communication addressed to the European Parliament and Council and will bring forward by 1 May 2010 such proposals in regard to the Universal Service Directive as may be necessary.
Commission declaration on data breach notification
Article 2(h) and 4(3) - ePrivacy Directive
The reform of the Regulatory Framework for Electronic Communications introduces a new concept to EU data protection and privacy rules: a mandatory notification of personal data breaches by providers of electronic communications services and networks. It is an important step towards enhanced security and privacy protection, although at this stage it remains limited to the electronic communications sector.
The Commission takes note of the will of the European Parliament that an obligation to notify personal data breaches should not be limited to the electronic communications sector but also apply to entities such as providers of information society services. Such an approach would be fully aligned with the overall public policy goal of enhancing the protection of EU citizens" personal data, and their ability to take action in the event of such data being compromised.
In this context, the Commission wishes to reaffirm its view, as stated in the course of the negotiations on the reform of the Regulatory Framework, that the obligation for providers of publicly available electronic communications services to notify personal data breaches makes it appropriate to extend the debate to generally applicable breach notification requirements.
The Commission will, therefore, without delay initiate the appropriate preparatory work, including consultation with stakeholders, with a view to presenting proposals in this area, as appropriate, by the end of 2011. In addition, the Commission will consult with the European Data Protection Supervisor on the potential for the application, with immediate effect, in other sectors of the principles embodied in the data breach notification rules in Directive 2002/58/EC, regardless of the sector or type of data concerned.