4 of 10

 

European Context

Directive 2002/58/EC of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector is usually referred to as the "E-privacy Directive". It came into force in July 2003 and was put up for review by the European Commission in 2007.

The E-privacy Directive covers processing of personal data and the protection of privacy including provisions on:

-     the security of networks and services;

-     the confidentiality of communications;

-     access to stored data;

-     processing of traffic and location data;

-     calling line identification;

-     public subscriber directories; and

-     unsolicited commercial communications ("spam").

According to Article 2 sub (c) of Regulation (EC) No 45/2001, a personal data filing system refers to "any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis. The size of such a filing system can very greatly. In some cases, such as for instance the case of disciplinary files for a small sized EU-body, the filing system can comprise just a handful of entries.

These directives are normally transposed into national law, but SafeTRIP services will run on a pan-European basis. What if the service platforms legally constituted in one country, the satellite infrastructure in a second country, but the customer is located in a third country?

Figure 2: Each of these elements could be located in a separate country

A situation can easily arise if customers are driving through yet a fourth country. The question is who is responsible for what, regarding which laws of which country?

Do the rules of the customer country apply in case of abuse by the customer, for example when they too tightly monitor their employees?

If part of the system is hacked, and some personal data are corrupted in the service provider country, which rules apply?

If another part of the system is hacked and some personal data is illegally copied on the SafeTRIP service platform, which rules apply? And what if the connection between this platform and the satellite facilities in in a second country suffers a lack of security?

This list of issues is not exhaustive, but it shows the complexity of service provision in the SafeTRIP context, and how it must deal with both the different transpositions of European directive and additional national laws.

4 of 10

SAFETRIP.eu is a project co-funded by the European Commission, DG Research

© Copyright 2012 SafeTRIP