The views of telecoms operators, Internet service providers, Member States, national data protection authorities consumer organisations and other interested parties are being sought by the European Commission on whether additional practical rules are needed to make sure that personal data breaches are notified in a consistent way across the EU. The revised ePrivacy Directive (2009/136/EC), which entered into force on 25 May 2011 as part of a package of new EU telecoms rules, requires operators and Internet service providers to inform, without undue delay, national authorities and their customers about breaches of personal data that they hold (see IP/11/622 and MEMO/11/320). The Commission wants to gather input based on existing practice and initial experience with the new telecoms rules and may then propose additional practical rules to make clear when breaches should be reported, the procedures for doing so, and the formats that should be used. Contributions to the consultation are welcome until 9th September 2011. Commission Vice-President for the Digital Agenda Neelie Kroes said: “The duty to notify data breaches is an important part of the new EU telecoms rules. But we need consistency across the EU so businesses don’t have to deal with a complicated range of different national schemes. I want to provide a level playing field, with certainty for consumers and practical solutions for businesses.” Here to read more.
Digital Agenda: Commission consults on practical rules for notifying personal data breaches0