Parliament approves data privacy protection directive
Member States will be able to side-step data privacy protection to safeguard national security or conduct criminal investigations following approval by the European Parliament of a compromise on the electronic communications data protection directive on 30 May. The directive is the last element of the new electronic communications regulatory framework, which entered into force on 24 April. The compromise states that Member States may only lift the protection of data privacy in order to conduct criminal investigations or safeguard national or public security, when this is a 'necessary, appropriate and proportionate measure within a democratic society.' This means Member States can adopt legislative measures for the retention of data for a limited period. Enterprise and Information Society Commissioner Erkki Liikanen told the Parliament that while discussions in drawing up the compromise on data traffic retention had been difficult, the Commission shares concerns expressed in the Parliament about the protection of fundamental rights and freedoms. But Mr Liikanen explained that as the directive on data protection falls under the first pillar (European Community) of competence of the EU and not the third pillar (justice and home affairs), there are legal limitations on the provisions of the directive with regard both to individual rights and freedoms and national measures for public security or crime fighting. The rapporteur, Italian MEP Marco Cappato, rejected any responsibility for the outcome, saying it entailed massive restrictions on civil liberties and ran contrary to the position of the Freedoms and Rights Committee. On spamming (unsolicited electronic correspondence), Parliament left the Council's common position unaltered, approving an opt-in system for e-mail, faxes and automated calling systems. This means that users should give prior permission before receiving unsolicited electronic communications, such as e-mails or text messages, for marketing purposes. On the inclusion of personal data in public directories, Parliament again accepted the Council's common position, saying that users should give prior permission. Parliament has maintained the possibility for Member States to allow reverse search functions, and wants a review of the directive within three years of its application.