Explanatory Note
(This note is not part of the Regulations)
These Regulations implement Articles 2, 4, 5(3), 6 to 13, 15 and 16 of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (“the Directive”).
The Directive repeals and replaces Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector which was implemented in the UK by the Telecommunications (Data Protection and Privacy) Regulations 1999. Those Regulations are revoked by regulation 3 of these Regulations.
Regulation 2 sets out the definitions which apply for the purposes of the Regulations.
Regulation 4 provides that nothing in these Regulations relieves a person of any of his obligations under the Data Protection Act 1998.
Regulation 5 imposes a duty on a provider of a public electronic communications service to take measures, if necessary in conjunction with the provider of the electronic communications network by means of which the service is provided, to safeguard the security of the service, and requires the provider of the electronic communications network to comply with the service provider’s reasonable requests made for the purposes of taking the measures (“public electronic communications service” has the meaning given by section 151 of the Communications Act 2003 and “electronic communications network” has the meaning given by section 32 of that Act). Regulation 5 further requires the service provider, where there remains a significant risk to the security of the service, to provide subscribers to that service with certain information (“subscriber” is defined as “a person who is a party to a contract with a provider of public electronic communications services for the supply of such services”).
Regulation 6 provides that an electronic communications network may not be used to store or gain access to information in the terminal equipment of a subscriber or user (“user” is defined as “any individual using a public electronic communications service”) unless the subscriber or user is provided with certain information and is given the opportunity to refuse the storage of or access to the information in his terminal equipment.
Regulations 7 and 8 set out certain restrictions on the processing of traffic data relating to a subscriber or user by a public communications provider. “Traffic data” is defined as “any data processed for the purpose of the conveyance of a communication on an electronic communications network or for the billing in respect of that communication”. “Public communications provider” is defined as “a provider of a public electronic communications network or a public electronic communications service”.
Regulation 9 requires providers of public electronic communications services to provide subscribers with non-itemised bills on request and requires OFCOM to have regard to certain matters when exercising their functions under Chapter 1 of Part 2 of the Communications Act 2003.
Regulation 10 requires a provider of a public electronic communications service to provide users of the service with a means of preventing the presentation of calling line identification on a call-by-call basis, and to provide subscribers to the service with a means of preventing the presentation of such identification on a per-line basis. This regulation is subject to regulations 15 and 16. Regulation 11 requires the provider of a public electronic communications service to provide subscribers to that service with certain facilities where facilities enabling the presentation of connected line identification or calling line identification are available.
Regulation 12 requires a public electronic communications service provider to provide certain information to the public for the purposes of regulations 10 and 11, and regulation 13 requires communications providers (the term “communications provider” has the meaning given by section 405 of the Communications Act 2003) to co-operate with reasonable requests made by providers of public electronic communications services for the purposes of those regulations.
Regulation 14 imposes certain restrictions on the processing of location data, which is defined as “any data processed in an electronic communications network indicating the geographical position of the terminal equipment of a user of a public electronic communications service, including data relating to the latitude, longitude or altitude of the terminal equipment; the direction of travel of the user; or the time the location information was recorded.”
Regulation 15 makes provision in relation to the tracing of malicious or nuisance calls and regulation 16 makes provision in relation to emergency calls, which are defined in regulation 16(1) as calls to the national emergency number 999 or the European emergency call number 112.
Regulation 17 requires the provider of an electronic communications service to a subscriber to stop, on request, the automatic forwarding of calls to that subscriber’s line and also requires other communications providers to comply with reasonable requests made by the subscriber’s provider to assist in the prevention of that forwarding.
Regulation 18 applies to directories of subscribers, and sets out requirements that must be satisfied where data relating to subscribers is included in such directories. It also gives subscribers the right to verify, correct or withdraw their data in directories.
Regulation 19 provides that a person may not transmit communications comprising recorded matter for direct marketing purposes by an automated calling system unless the line called is that of a subscriber who has notified the caller that he consents to such communications being made.
Regulations 20, 21 and 22 set out the circumstances in which persons may transmit, or instigate the transmission of, unsolicited communications for the purposes of direct marketing by means of facsimile machine, make unsolicited calls for those purposes, or transmit unsolicited communications by means of electronic mail for those purposes. Regulation 22 (electronic mail) applies only to transmissions to individual subscribers (the term “individual” means “a living individual” and includes “an unincorporated body of such individuals”).
Regulation 23 prohibits the sending of communications by means of electronic mail for the purposes of direct marketing where the identity of the person on whose behalf the communication is made has been disguised or concealed or an address to which requests for such communications to cease may be sent has not been provided.
Regulation 24 sets out certain information that must be provided for the purposes of regulations 19, 20 and 21.
Regulation 25 imposes a duty on OFCOM, for the purposes of regulation 20, to maintain and keep up-to-date a register of numbers allocated to subscribers who do not wish to receive unsolicited communications by means of facsimile machine for the purposes of direct marketing. Regulation 26 imposes a similar obligation for the purposes of regulation 21 in respect of individual subscribers who do not wish to receive calls for the purposes of direct marketing.
Regulation 27 provides that terms in certain contracts which are inconsistent with these Regulations shall be void.
Regulation 28 exempts communications providers from the requirements of these Regulations where exemption is required for the purpose of safeguarding national security and further provides that a certificate signed by a Minister of the Crown to the effect that exemption from a requirement is necessary for the purpose of safeguarding national security shall be conclusive evidence of that fact. It also provides for certain questions relating to such certificates to be determined by the Information Tribunal referred to in section 6 of the Data Protection Act 1998.
Regulation 29 provides that a communications provider shall not be required by these Regulations to do, or refrain from doing, anything if complying with the requirement in question would be inconsistent with a requirement imposed by or under an enactment or by a court order, or if exemption from the requirement is necessary in connection with legal proceedings, for the purposes of obtaining legal advice or is otherwise necessary to establish, exercise or defend legal rights.
Regulation 30 allows a claim for damages to be brought in respect of contraventions of the Regulations.
Regulations 31 and 32 make provision in connection with the enforcement of the Regulations by the Information Commissioner (who is the Commissioner appointed under section 6 of the Data Protection Act 1998).
Regulation 33 imposes a duty on OFCOM to comply with any reasonable request made by the Commissioner for advice on technical matters relating to electronic communications.
Regulation 34 amends the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 and regulation 35 amends the Electronic Communications (Universal Service) Order 2003.
Regulation 36 provides for the transitional provisions in Schedule 2 to have effect.
A transposition note setting out how the main elements of the Directive are transposed into law and a regulatory impact assessment have been placed in the libraries of both Houses of Parliament. Copies are also available from the Department of Trade and Industry, Bay 202, 151 Buckingham Palace Road, London SW1W 9SS and can also be found on www.dti.gov.uk.