Page:The Privacy and Electronic Communications (EC Directive) Regulations 2003 (UKSI 2003-2426 qp).pdf/3

 “value added service” means any service which requires the processing of traffic data or location data beyond that which is necessary for the transmission of a communication or the billing in respect of that communication.

(2) Expressions used in these Regulations that are not defined in paragraph (1) and are defined in the Data Protection Act 1998 shall have the same meaning as in that Act.

(3) Expressions used in these Regulations that are not defined in paragraph (1) or the Data Protection Act 1998 and are defined in the Directive shall have the same meaning as in the Directive.

(4) Any reference in these Regulations to a line shall, without prejudice to paragraph (3), be construed as including a reference to anything that performs the function of a line, and “connected”, in relation to a line, is to be construed accordingly.

Revocation of the Telecommunications (Data Protection and Privacy) Regulations 1999

3. The Telecommunications (Data Protection and Privacy) Regulations 1999(a) and the Telecommunications (Data Protection and Privacy) (Amendment) Regulations 2000(b) are hereby revoked.

Relationship between these Regulations and the Data Protection Act 1998

4. Nothing in these Regulations shall relieve a person of his obligations under the Data Protection Act 1998 in relation to the processing of personal data.

Security of public electronic communications services

5.—(1) Subject to paragraph (2), a provider of a public electronic communications service (“the service provider”) shall take appropriate technical and organisational measures to safeguard the security of that service.

(2) If necessary, the measures required by paragraph (1) may be taken by the service provider in conjunction with the provider of the electronic communications network by means of which the service is provided, and that network provider shall comply with any reasonable requests made by the service provider for these purposes.

(3) Where, notwithstanding the taking of measures as required by paragraph (1), there remains a significant risk to the security of the public electronic communications service, the service provider shall inform the subscribers concerned of—
 * (a) the nature of that risk;
 * (b) any appropriate measures that the subscriber may take to safeguard against that risk; and
 * (c) the likely costs to the subscriber involved in the taking of such measures.

(4) For the purposes of paragraph (1), a measure shall only be taken to be appropriate if, having regard to—
 * (a) the state of technological developments, and
 * (b) the cost of implementing it,

it is proportionate to the risks against which it would safeguard.

(5) Information provided for the purposes of paragraph (3) shall be provided to the subscriber free of any charge other than the cost to the subscriber of receiving or collecting the information.

3