Opinion of the European Data Protection Supervisor on the Proposal for a Regulation of the European Parliament and of the Council laying down measures concerning the European single market for electronic communications and to achieve a Connected Continent, and amending Directives 2002/20/EC, 2002/21/EC and 2002/22/EC and Regulations (EC) No 1211/2009 and (EU) No 531/2012.
The EDPS recalls that respect for the rights to privacy and the protection of personal data, and for the confidentiality of communications, is crucial to building consumer trust and confidence in the European single market for electronic communications.
In that regard, the EDPS provides the following key recommendations:
- traffic management measures constitute a restriction to net neutrality. Using traffic management for the purposes of implementing a legislative provision or preventing and impeding serious crimes may entail a wide-scale, preventive and systematic monitoring of communications content which would be contrary to the EU Charter of Fundamental Rights, as well as Directive 2002/58/EC and Directive 95/46/EC. Reference to these grounds should be removed from the proposal;
- the proposal should provide clear information on communications inspection techniques that are allowed within the context of traffic management measures;
- whenever sufficient for the achievement of one of the aims set out in that provision, traffic management measures will involve communications inspection techniques based on the sole analysis of the IP-headers, as opposed to those involving Deep Packet Inspection;
- the proposal should require the providers to indicate the communications inspection techniques underlying such traffic management measures, as well as explain the effect of such techniques on end-users’ privacy and data protection rights;
- as regards the powers of national regulatory authorities to, inter alia, supervise the application of traffic management measures, the proposal should include the possibility for the latter to cooperate with national data protection authorities;
- the proposal should be amended to include the requirement for the European virtual broadband access product and the European ASQ connectivity product, respectively, to comply with the principle of data protection by design.