Page:The Privacy and Electronic Communications (EC Directive) Regulations 2003 (UKSI 2003-2426 qp).pdf/19

 EXPLANATORY NOTE (This note is not part of the Regulations) These Regulations implement Articles 2, 4, 5(3), 6 to 13, 15 and 16 of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (“the Directive”).

The Directive repeals and replaces Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector which was implemented in the UK by the Telecommunications (Data Protection and Privacy) Regulations 1999. Those Regulations are revoked by regulation 3 of these Regulations.

Regulation 2 sets out the definitions which apply for the purposes of the Regulations.

Regulation 4 provides that nothing in these Regulations relieves a person of any of his obligations under the Data Protection Act 1998.

Regulation 5 imposes a duty on a provider of a public electronic communications service to take measures, if necessary in conjunction with the provider of the electronic communications network by means of which the service is provided, to safeguard the security of the service, and requires the provider of the electronic communications network to comply with the service provider’s reasonable requests made for the purposes of taking the measures (“public electronic communications service” has the meaning given by section 151 of the Communications Act 2003 and “electronic communications network” has the meaning given by section 32 of that Act).

Regulation 5 further requires the service provider, where there remains a significant risk to the security of the service, to provide subscribers to that service with certain information (“subscriber” is defined as “a person who is a party to a contract with a provider of public electronic communications services for the supply of such services”).

Regulation 6 provides that an electronic communications network may not be used to store or gain access to information in the terminal equipment of a subscriber or user (“user” is defined as “any individual using a public electronic communications service”) unless the subscriber or user is provided with certain information and is given the opportunity to refuse the storage of or access to the information in his terminal equipment.

Regulations 7 and 8 set out certain restrictions on the processing of traffic data relating to a subscriber or user by a public communications provider. “Traffic data” is defined as “any data processed for the purpose of the conveyance of a communication on an electronic communications network or for the billing in respect of that communication”. “Public communications provider” is defined as “a provider of a public electronic communications network or a public electronic communications service”.

Regulation 9 requires providers of public electronic communications services to provide subscribers with non-itemised bills on request and requires OFCOM to have regard to certain matters when exercising their functions under Chapter 1 of Part 2 of the Communications Act 2003.

Regulation 10 requires a provider of a public electronic communications service to provide users of the service with a means of preventing the presentation of calling line identification on a call-by-call basis, and to provide subscribers to the service with a means of preventing the presentation of such identification on a per-line basis. This regulation is subject to regulations 15 and 16. Regulation 11 requires the provider of a public electronic communications service to provide subscribers to that service with certain facilities where facilities enabling the presentation of connected line identification or calling line identification are available. 19