Unlock the Future of Digital Connectivity

Empowering Your Digital Experience

Explore the forefront of digital innovation with our comprehensive solutions designed to enhance connectivity and user engagement.

Understanding ETSI EG 202 057-1

ETSI EG 202 057-1 version 1.3.1 plays a pivotal role in ensuring the interoperability of digital consumer equipment across Europe. This standard provides guidelines that facilitate seamless communication and functionality between various digital devices, promoting a unified digital ecosystem. By adhering to these standards, manufacturers can guarantee that their products meet the necessary requirements for compatibility and performance, ultimately enhancing the consumer experience.

Key Interoperability Features

Common Scrambling Algorithm

Ensures that all digital television equipment can decode signals using a standardized European algorithm, enhancing security and accessibility.

Open Interface Socket

Equipped with standardized interface sockets, enabling easy connection of peripherals and ensuring compatibility with additional devices.

Digital Signal Compatibility

Supports the transmission and reception of digital signals, including interactive and conditionally accessed services, for a comprehensive viewing experience.

Understanding Data Retention Policies

Our data retention policies ensure that your information is stored securely and only for as long as necessary to provide our services effectively.

How is my personal data handled?

Your personal data is handled with the utmost care, following strict protocols to ensure privacy and security at all times.

What rights do I have over my data?

You have the right to access, modify, or request the deletion of your personal data at any time, subject to certain legal obligations.

How long is my data retained?

Data is retained for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

Can I request data deletion?

Yes, you can request the deletion of your personal data, except for information we are required to keep for legal reasons.

Who can access my data?

Access to your data is restricted to authorized personnel only, ensuring that your information remains confidential.

Is my data shared with third parties?

We do not share your data with third parties without your consent, except as required by law or to provide our services.

How is my data protected?

We use advanced security measures, including encryption and secure servers, to protect your data from unauthorized access.

What happens if there is a data breach?

In the event of a data breach, we will notify you promptly and take all necessary steps to mitigate any potential harm.

How can I update my data?

You can update your personal data through your account settings or by contacting our support team for assistance.

The Role of Common Scrambling Algorithms

Common scrambling algorithms are crucial for ensuring the secure transmission of digital television signals. These algorithms allow for the descrambling of encrypted content, enabling authorized users to access broadcasts without compromising security. By adhering to standardized algorithms, broadcasters can ensure compatibility across different devices and platforms, facilitating a seamless viewing experience for consumers.

Importance of Standardization

Standardization of scrambling algorithms is essential for interoperability among digital television devices. It ensures that consumers can access a wide range of content without being restricted by proprietary technologies. This standardization promotes competition and innovation in the market, benefiting both consumers and service providers.

Impact on Consumer Experience

The implementation of common scrambling algorithms enhances the consumer experience by providing reliable access to digital content. It ensures that users can enjoy high-quality broadcasts without interruption, regardless of their location or the device they are using. This consistency is vital for maintaining consumer trust and satisfaction.

Interface Requirements for Television Sets

Modern television sets, both analogue and digital, are required to include specific interface sockets to ensure compatibility with various peripherals. These interfaces allow for the connection of additional devices, such as decoders and digital receivers, enhancing the functionality of the television.

Analogue Television Standards

Analogue televisions with screens larger than 42 cm must include at least one open interface socket. This requirement ensures that users can easily connect external devices, facilitating access to a broader range of content and services.

Digital Television Connectivity

Digital televisions with screens over 30 cm must be equipped with open interface sockets that comply with recognized standards. These sockets enable seamless integration with peripherals, supporting the full range of digital television signals and interactive services.

Enhancing User Experience

The inclusion of standardized interface sockets in television sets is crucial for enhancing the user experience. It allows consumers to customize their viewing setup, ensuring access to the latest entertainment technologies and services.

GDPR

Cookies

What Are Cookies?

Cookies are small data files, typically stored as text files, that websites place on visitors’ computers to store various types of information specific to that visitor—or more accurately, the device they are using, such as a browser or mobile phone.

These files were developed to address a limitation in web technology: web pages are “stateless,” meaning they lack memory and struggle to share information with one another. Cookies serve as a form of memory for web pages.

They enable functionalities such as logging in on one page and remaining logged in while navigating through other pages. Cookies also allow users to set preferences for how a page is displayed, ensuring those settings are remembered during subsequent visits.

Additionally, cookies can track the pages you visit across different sites, which enables advertisers to create a profile of your interests. This information allows them to tailor ads to you when you visit sites that display their advertisements, a practice known as “behavioral advertising.”

Nearly all websites utilize cookies in some capacity, and each page you visit writes cookies to your computer while also receiving them back.

While cookies are highly beneficial—enabling modern websites to function with increasing levels of personalization and interactive features—they can also manipulate your web experience in unexpected ways. This manipulation may benefit you or serve the interests of others, including businesses or organizations you may have never interacted with or even heard of.

Determining whether specific cookies are advantageous for you or another party is not possible just by inspecting them; you must rely on the website to disclose how it uses cookies.

To learn more about the different types of cookies and other tracking technologies, continue exploring.

Types of Cookies

Cookies come in various types and serve different purposes, but they can generally be categorized in several ways.

First Party Cookies

One of the key characteristics of a cookie is its ‘Host’—the domain name of the site that sets the cookie. Only the host domain can access and read the cookie once it has been established.

If the host name matches the domain displayed in the browser’s address bar at the time the cookie is set or retrieved, it is classified as a First Party Cookie.

These cookies are created and accessed solely by the website you are visiting, which means they typically cannot be used to track activity or share data across different sites. However, the website owner can still collect data through these cookies and use it to modify the website’s appearance or content for the user. Additionally, they may use this data outside of their website or even sell it to other organizations, but such practices must be disclosed in the site’s privacy policy.

Most desktop browsers allow users to view a list of cookies that have been set, usually organized by the host domain.

Third Party Cookies

If the host domain of a cookie differs from the one shown in the browser address bar when it is downloaded, it is considered a Third Party Cookie.

These cookies are typically added to a website through scripts or tags integrated into the web page. Sometimes, these scripts provide additional functionalities, such as enabling content sharing on social networks.

For instance, if you visit a site that includes a YouTube video, the website owner has embedded code from YouTube. Consequently, YouTube can set cookies via this code, enabling it to know if you have watched the video or merely visited the page hosting it.

The most common use of Third Party Cookies is in online advertising. By placing their tags on a webpage, advertisers can track a user’s activity across multiple websites, allowing them to build a “behavioral profile.” This profile is then used to target users with ads based on their inferred interests, a practice often viewed as intrusive and a violation of privacy rights. Such concerns have driven the development of new privacy laws, including the EU Cookie Law.

Session Cookies

Session Cookies are temporarily stored in the browser’s memory and are deleted when the browser is closed, although they may persist while navigating away from the originating website.

For example, if you find yourself needing to log in each time you open your browser and revisit a site, that site is likely using a session cookie to store your login information.

Many websites rely on session cookies for essential functions and to ensure pages load quickly and efficiently.

Persistent Cookies

As the name suggests, Persistent Cookies remain on your computer even after you close the browser, allowing them to be accessed upon your next visit.

These cookies are created with an expiry date. Once this date is reached, the cookie is deleted. If no expiry date is set, the cookie defaults to a session cookie.

Typically, the expiry date is calculated from the time the cookie is created, plus a designated duration specified by the developer. There is no strict limit on how far into the future this expiry date can be set; it could potentially be decades away. Furthermore, if you revisit a website that has issued a persistent cookie, it may update the cookie with a new expiry date.

If you log into a website, shut down your computer, and return to find you’re still logged in, it indicates the use of a persistent cookie to remember your session.

Persistent cookies are also utilized to track user behavior as they navigate a site, gathering data to help improve user experience—a practice known as Web Analytics. Since Google provides analytics technology free to website owners, nearly all sites utilize some form of it, although there are also paid alternatives available.

Analytics cookies represent one of the most common types of persistent cookies in use today. Interestingly, persistent cookies can sometimes have a shorter lifespan than session cookies, as they can be programmed to expire shortly after being set, while session cookies remain active until the browser is closed.

Secure Cookies

Secure Cookies are transmitted only via HTTPS, commonly found on the checkout pages of online shopping sites.

This encryption ensures that any data contained within the cookie is protected as it travels between the website and the browser. Cookies used by e-commerce sites to store credit card information or facilitate transactions are typically secure, but other types of cookies can also be designated as secure.

HTTP Only Cookies

When a cookie is marked with the HTTP Only attribute, the browser restricts access to its contents from client-side scripts (like JavaScript).

This feature helps protect the cookie from cross-site scripting (XSS) attacks, where a malicious script attempts to exfiltrate the cookie data to a third-party website.

Online Tracking Technologies

While cookies are the most recognized and prevalent form of web tracking technology, many websites, advertisers, and analytics tools employ various other methods to track users and monitor website performance. Here are some examples of alternative tracking technologies.

Web Beacons and Pixels

Web beacons, also known as pixel tags, are tiny, transparent images (usually 1 pixel by 1 pixel) embedded in websites or emails to track user behavior. They are often used alongside cookies.

These beacons function by sending information back to the web server when the image is requested. For instance, when a browser connects to a site containing a web beacon, it requests the server to download the image. This request can include details such as the user’s IP address, browser type, access time, and any previously set cookies.

Web beacons help websites analyze user navigation and improve content personalization and browsing efficiency. If cookies are disabled, web beacons can still account for anonymous visits but won’t track specific user behavior.

Fingerprinting

Fingerprinting is a tracking method often used in conjunction with web beacons. This technique identifies users based on specific information about their devices, browsers, languages, plugins, and other settings, even when cookies are disabled. The unique combination of these attributes can effectively identify individual users.

Local Storage Objects

Local Storage Objects (LSOs) function similarly to cookies, as they are stored in the user’s browser and can hold information. They can store much of the same data as cookies but differ in several key ways: LSOs do not have expiration dates, store information as key-value pairs, and can accommodate larger data volumes compared to cookies.

Super Cookies

The term “Super Cookie” (or Supercookie) refers to tracking technologies that are not standard HTTP cookies and are stored differently on a user’s device. These cookies are more challenging to detect and remove because they cannot be eliminated through standard privacy settings in most browsers.

Adobe Flash applications, for instance, often utilize local file storage for performance optimization, and these files, known as Local Storage Objects, can also serve tracking purposes, leading to their classification as “supercookies.”

Zombie Cookies

Zombie cookies are technologies designed to recreate regular HTTP cookies after users have deleted them. This practice aims to bypass users’ efforts to manage their privacy, making it widely criticized. In many cases, the use of zombie cookies could violate privacy laws and regulations, although their prevalence is relatively low.

Ultrasound Beacons

Ultrasound Beacons emit inaudible signals from devices such as TVs and smartphones to track users beyond the web. For example, a TV advertisement might send out a low-frequency signal that humans cannot hear, while a smartphone app can detect this signal to confirm that a user has viewed a specific commercial.

These beacons also bridge the physical and digital worlds. For instance, an ultrasonic beacon installed in a store can enable apps to identify if a user has visited the location, allowing for targeted advertising based on their proximity.

The Benefits of Cookies

Cookies serve various purposes that significantly enhance the web experience, primarily revolving around one key concept: personalization.

A prime example of this is the online retailer Amazon. As you browse and shop, Amazon gathers insights into your product preferences and purchasing habits. This information allows the site to suggest items you might like, streamlining your shopping experience in a vast marketplace.

When you log into your Amazon account and remain signed in, the site remembers you upon your return—often greeting you by name. It also retains any items you’ve added to your shopping cart but haven’t yet purchased, making it quicker and easier to check out.

While these features ultimately benefit Amazon by increasing sales, they also enhance the user experience.

In fact, online shopping would be cumbersome without cookies. Without them, logging into a website would require you to reintroduce yourself on every page, which would be incredibly tedious.

Cookies can also personalize websites in various other ways beyond shopping. For instance, they can remember user preferences, such as a larger font size for readability. A news site might recall your interests and promote relevant stories on the homepage, enhancing your engagement.

Additionally, cookies have more subtle yet valuable applications, particularly in the realm of analytics.

Analytics

Websites utilize cookies to gauge the popularity of their various pages and even specific sections within those pages. They track nearly every visitor, monitoring details such as entry points, referral sources, the sequence of pages viewed, links clicked, time spent on each page, and exit points.

Some services can even identify which parts of a page capture users’ attention without requiring clicks. They achieve this by tracking the mouse pointer’s location, as many users tend to hover their cursor near the content they are viewing.

The process of aggregating this data into actionable insights is referred to as “web analytics.” This analysis provides website owners with a clear understanding of user behavior, highlighting which pages are most and least popular and how these patterns evolve over time. Armed with this information, they can refine their sites to align more closely with visitor preferences, ultimately enhancing content and services to better meet user needs.

However, it’s important to note that cookies also raise several privacy concerns that users should be aware of.

Cookies and Online Privacy

While cookies play a vital role in the functioning of the modern internet, their introduction has sparked an ongoing debate regarding their impact on user privacy.

Cookies serve as a means for websites and their owners to store and retrieve information about users and their interactions with the site. This data can be used to customize what users see or to record their activities, such as the pages they visit and the time spent on the site.

Although cookies are integral to enhancing the web experience, their usage raises several privacy concerns.

Storing Personally Identifiable Information

Cookies can store personal data, ranging from names and email addresses to unique user identifiers, which may simply be random strings of letters and numbers. This information may be voluntarily provided by users during registration, login, or through order forms, or it may be uniquely assigned by the website. While this practice can be acceptable if the information is secured and stored temporarily, many times it is not, increasing the risk of interception by malicious software, especially on shared computers.

Tracking User Behavior

The most prevalent privacy concern surrounding cookies is their use for tracking users across different websites, particularly through third-party cookies primarily employed for advertising. This tracking often involves placing invisible tags on web pages that set cookies.

When users visit another site that contains the same tag, it notifies advertisers about the last site the user visited when the cookie was created. By aggregating this data across multiple sites, advertisers can build profiles based on users’ browsing histories, allowing them to serve targeted ads aligned with perceived interests.

In most cases, advertisers target browsers rather than individuals, as they typically do not know who the user is. However, since many people log into the same browser regularly, the results can be highly personalized. If someone else uses your computer without a separate profile, they may see ads intended for you, potentially revealing sensitive information about your browsing habits.

Free Content

Advertising revenue supports much of the free content available online, a fact many users understand and accept. However, there are others who feel this practice occurs without their consent.

Moreover, the companies collecting this data are often not the same ones whose websites users visit. These companies not only collect data but also sell it to other organizations, gathering and aggregating information without the awareness of most users—an aspect that many find objectionable.

The sophistication of tracking and profiling methods is also increasing, with some data linked to real-world identities, such as names and addresses. This escalation heightens privacy risks, particularly if such information is stolen or lost.

Privacy Regulation

In response to these concerns, lawmakers are beginning to implement regulations to control these practices. One notable example is the EU cookie directive, which mandates that websites disclose their cookie usage and obtain user consent.

Although the implementation of this directive is inconsistent, it has begun to raise consumer awareness, potentially creating market pressure for greater transparency and user choice.

The EU is also working towards a harmonized Data Protection Regulation, which may necessitate explicit user consent for the use of third-party cookies.

Do Not Track

A recent initiative is the establishment of a “Do Not Track” (DNT) standard for the internet. This would allow users to signal their browsers not to record their behavior, and websites would be required to honor this request.

However, there is still considerable debate over what DNT actually entails, with various lobby groups advocating for their respective positions.

 

Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 3- day.

About the EU Cookie Law

The EU Cookie Law, often referred to as the “Cookie Directive,” is governed by Directive 2009/136/EC of the European Parliament and Council. This directive outlines the requirements for obtaining user consent for cookies within the European Union.

Directive 2009/136/EC is an amendment to Directive 2002/58/EC, which addresses data protection and privacy in online and electronic communications. The updated directive became effective on May 25, 2011.

The directive is approximately 26 pages long, but the key section on cookies can be found on page 20:

“Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia, about the purposes of the processing. This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.”

In simpler terms, this means that before any data can be stored on or retrieved from a device such as a computer, mobile phone, or tablet, users must provide informed consent. The goal is to enhance user privacy and prevent organizations from collecting data without the user’s knowledge.

The directive also references an earlier EU regulation on data protection, Directive 95/46/EC.

About EU Directives

EU directives, such as the Cookie Directive, are not laws themselves but require EU member states to implement local laws that fulfill the directive’s requirements. If member states fail to enact such laws, the EU has the authority to take legal action against them. For example, in 2012, five EU countries faced legal proceedings for not implementing local cookie laws.

For more details on local regulations, you can refer to resources about cookie laws in the UK and across Europe.

Cookie Laws Across Europe

Each European Union (EU) member state is required to adapt its national legislation to implement the EU Cookie Directive. While all countries are mandated to follow the same directive, they have done so at different times and in varied ways, leading to differences in the specific legal requirements from country to country. This overview highlights how the Cookie Directive has been implemented across Europe.

While we strive to provide up-to-date information, verifying developments in certain countries can be challenging. Contributions to help maintain the accuracy of this information are welcome.

Austria

Austria implemented the directive through its Telecommunications Act, which came into effect in November 2011. The law addressing cookies is detailed in Section 96.3, though there is currently no clear guidance on how to comply.

Belgium

Belgium passed a new law on electronic communications on June 28, 2012, implementing the directive. While the law encourages obtaining explicit consent before setting cookies, implied consent is considered valid. Browser controls are not recognized as a form of consent. The Belgian Data Protection Commission is pushing for clarification on:

  • Which tracking technologies require consent
  • The type of information that should be provided to users for consent to be valid
  • How to manage third-party tracking.

Bulgaria

Bulgaria’s cookie law took effect on December 29, 2011, requiring websites to provide information about cookies and allow users the option to refuse them. The Consumer Protection Commission is responsible for enforcement.

Croatia

Although not yet an EU member at the time, Croatia adopted the EU directive in preparation for its membership. Croatian law requires explicit consent for cookies.

Czech Republic

The law is in effect, but there is currently no specific guidance for website owners on compliance.

Cyprus

No available information.

Denmark

The law came into force in December 2011. Denmark requires that detailed information be provided to site visitors about cookies, and browser-based consent is not valid. However, implied consent is acceptable. The Danish Business Authority is responsible for enforcement, and the Danish Media trade association is working on a self-regulation program for cookie usage.

Estonia

Estonia notified the EU that its Electronic Communications Act complies with the Privacy Directive, though the law itself has not been amended. The law includes a “right to refuse” approach, with the Ministry of Economics overseeing the legislation.

Finland

Finland has implemented the directive, and valid consent can be provided via browser settings.

France

French law, enforced by the French Data Protection Authority (CNIL), requires explicit consent for cookies. However, first-party analytics cookies are exempt from prior consent under certain conditions, such as clear notification to visitors and the provision of opt-out mechanisms. French law allows for potential criminal sanctions, including imprisonment, for cookie law violations, although such penalties are rarely applied.

Germany

Germany maintains that its existing laws were sufficient to comply with the directive, though draft legislation to further implement the directive was under consideration as of September 2012. Current rules require opt-in consent for cookies that collect personal information, but opt-out is sufficient for others. Germany’s federal system means that enforcement is carried out by data protection authorities in each state.

Greece

The law came into effect on April 10, 2012, transposing the directive into Greek Law 4070/2012. Browser settings are considered valid for consent, but the Greek Data Protection Authority has the power to define the consent process.

Hungary

A new law, effective from July 3, 2011, relaxed Hungary’s previous cookie requirements by removing the necessity for prior consent. The relevant changes are found in Section 155.4 of Act C of 2003 on Electronic Communications.

Ireland

The law is in effect, though there is no official guidance on how to comply.

Italy

Italy requires opt-in consent for cookies, as outlined by the Italian Data Protection Authority (Garante). Users must be informed about cookies in advance and give their consent before they are set. Industry consultations are ongoing to determine the best methods for informing consumers.

Latvia

Latvian law is in effect, but browser-based consent is not sufficient.

Lithuania

Lithuania’s cookie law is in force, requiring explicit consent beyond browser settings.

Luxembourg

Luxembourg has implemented the law, and browser-based consent is considered valid.

Malta

No available information.

The Netherlands

The Netherlands requires explicit consent for cookies, with additional provisions for tracking cookies used in behavioral advertising. From January 2013, site owners are responsible for proving that tracking data is not being processed, making enforcement easier. First-party analytics cookies may be used without prior consent under specific conditions.

Norway

While Norway is not an EU member, it is consulting on cookie laws. An opt-out system is expected, with the encouragement of industry-led self-regulation.

Poland

Poland’s cookie law was passed in November 2012 and came into force in early 2013. It mandates that websites provide clear information about cookies and requires consent before any data is stored or retrieved from a user’s device.

Portugal

Portugal’s Law 46/2012, effective August 30, 2012, mandates prior consent for cookies, making it an opt-in model. The Portuguese Data Protection Authority (CNPD) and the telecom regulator (ICP-ANACOM) are responsible for enforcement. Fines for non-compliance can reach up to €5 million.

Romania

The law has not yet been implemented.

Slovakia

The law is in effect, and consent can be provided through browser settings.

Slovenia

Slovenia has not yet enacted the law, and the EU has initiated legal proceedings against the country.

Spain

Spain’s Data Protection Authority (AEPD) issued guidance on April 29, 2013. Cookie notices must be clearly visible, and implied consent is allowed, though silence or inaction is not valid consent.

Sweden

The law came into force on July 1, 2011. The Post and Telecom Authority (PTS) oversees enforcement. While the law does not prescribe specific methods for obtaining consent, it encourages website owners to find suitable methods.

United Kingdom

The law is in effect. See more information on the UK Cookie Law.

Cookie Law in the UK

Privacy and Electronic Communications Regulations

In the UK, the EU Cookie Directive was implemented through the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011. These regulations are an amendment to the Privacy and Electronic Communications (EC Directive) Regulations 2003 and came into effect on 26 May 2011, just after the EU deadline.

Key Wording of the UK Regulations

One crucial section of the UK regulations pertains to obtaining user consent for storing or accessing information on their devices:

Confidentiality of Communications

  • 6.—(1): No one shall store or access information stored in a user’s or subscriber’s terminal equipment unless the requirements in paragraph (2) are met.
  • 6.—(2): The requirements are:
  • (a): Clear and comprehensive information must be provided to the user regarding the purpose of storing or accessing information.
  • (b): The user must give their consent.
  • 6.—(3): If a network is used by the same person to access information on multiple occasions, obtaining consent during the initial use is sufficient for compliance.
  • 6.—(3A): Consent can be indicated by the user adjusting their browser settings or using other applications to signal consent.
  • 6.—(4): Paragraph (1) does not apply to:
  • (a): The technical storage or access necessary for communication over an electronic network.
  • (b): Storage or access essential for providing an information society service requested by the user.

In practical terms, this means that a website owner cannot store or access data on a user’s device unless the user has been informed clearly about the purpose of the storage and has given consent. The only exceptions are if the user requests a service that cannot be provided without accessing stored information.

UK Enforcement of the Regulations

The Information Commissioner’s Office (ICO) is responsible for enforcing the cookie regulations in the UK. The ICO has powers to investigate complaints and issue fines of up to £500,000 for serious violations of the law.

However, the ICO has taken a relatively light-touch approach to enforcement. Rather than conducting proactive investigations, it relies on a complaints mechanism. As of Spring 2013, the ICO’s main action has been visually checking websites to ensure they display cookie notifications.

While the ICO can demand that websites update their practices to comply with the law, it has suggested that imposing fines for non-compliance is unlikely. This approach has resulted in many websites either ignoring the regulations or doing the bare minimum to avoid potential legal action.

Some critics argue that this lenient enforcement has weakened online privacy protections, leading to diminished privacy rather than enhancing it as the original directive intended.

Sources of Compliance Guidance for Website Owners

One of the most comprehensive English-language guides to cookie law compliance comes from the UK Information Commissioner’s Office (ICO). The ICO serves as the UK’s Data Protection Authority and is responsible for enforcing the cookie regulations within the UK. While the ICO’s guidance is specifically tailored to UK law, it provides a solid foundation for understanding cookie compliance.

Another significant body offering advice across the EU is the Article 29 Working Party. This group consists of representatives from the data protection authorities of each EU member state. Although their opinions and publications do not carry legal authority, they are considered a key resource for interpreting cookie law and related legislation.

For website owners, one of the most important documents from the Article 29 Working Party is their opinion on the types of cookies that qualify for the “strictly necessary” exemption, which allows certain cookies to be used without requiring user consent.

Cookie Notices and Consent: What You Need to Know

Cookies play a crucial role in the functionality of modern websites, facilitating personalization and social media integration. However, they can also be used in ways that do not benefit visitors. Often, cookies track users across the internet and create detailed profiles that are highly valuable to brands and advertisers for targeted marketing.

This practice is frequently viewed as an invasion of privacy. Since cookies operate quietly in the background, you might not even realize they’re tracking you, nor would you know how to prevent it if desired.

To raise awareness about cookie usage and give users control over their data, the EU implemented privacy legislation in 2011, commonly referred to as the Cookie Law. This law mandates that websites provide clear and comprehensive information regarding their use of cookies, as well as options for users to consent to or decline this use. Websites are legally required to honor your preferences, which may involve blocking unwanted cookies or restricting access to certain site features based on your choices.

Some websites allow you to selectively enable or disable specific types of cookies. However, opting out of certain cookies may limit your ability to fully access or utilize the site’s features.

If you encounter a website that fails to provide adequate information or choices regarding cookie usage, particularly if it is owned by an EU-based company, it could be in violation of the law, and you may take action against the owner.

This website has been created to enhance your understanding of cookies and their application across different sites. You can explore information about your favorite websites, and soon, you will be able to search for specific cookies to learn more about their purposes.

How to File a Complaint About Cookies

Consumers who believe their privacy rights regarding cookies are being violated by a website can file a complaint with their local regulatory authority, typically the Data Protection Authority in their country.

In the UK, this authority is the Information Commissioner’s Office (ICO).

ICO Complaints Tool

The ICO has developed an online tool that allows consumers to report instances of cookie usage without consent.

You can access the tool directly here. The process is anonymous.

Additionally, the ICO provides updated information about cookies on their website, which you can visit here.

Purpose 1: Store and/or Access Information on a Device
Legal Text
Vendors are permitted to:

  • Store and access information on devices, including cookies and device identifiers presented to users.

Purpose 2: Select Basic Ads
Legal Text
To facilitate basic ad selection, vendors can:

  • Use real-time contextual information to display ads, including details about the content and device, such as device type, capabilities, user agent, URL, and IP address.
  • Utilize non-precise geolocation data.
  • Control how frequently ads are shown to users.
  • Determine the sequence in which ads are presented.
  • Prevent ads from being displayed in inappropriate editorial contexts (brand-safe environments).

Vendors cannot:

  • Create a personalized ads profile for future ad selection using this information without a separate legal basis for such profiling.
    Note: Non-precise means only approximate location data is allowed, with a minimum radius of 500 meters.

Purpose 3: Create a Personalized Ads Profile
Legal Text
To develop a personalized ads profile, vendors can:

  • Gather information about users, including their activity, interests, demographic details, and location, to create or modify a user profile for personalized advertising.
  • Combine this information with previously collected data from various websites and apps to create or edit a user profile for advertising purposes.

Purpose 4: Select Personalized Ads
Legal Text
To select personalized ads, vendors can:

  • Choose personalized ads based on user profiles or historical data, including prior activity, interests, site or app visits, location, or demographic information.

Purpose 5: Create a Personalized Content Profile
Legal Text
To create a personalized content profile, vendors can:

  • Collect user information, including activity, interests, site or app visits, demographic details, and location, to create or modify a profile for personalized content.
  • Combine this data with previously collected information from various sources to create or edit a user profile for content personalization.

Purpose 6: Select Personalized Content
Legal Text
To select personalized content, vendors can:

  • Choose content based on user profiles or historical data, including prior activity, interests, site or app visits, location, or demographic information.

Purpose 7: Measure Ad Performance
Legal Text
To measure ad performance, vendors can:

  • Assess whether and how ads were delivered and interacted with by users.
  • Provide reports on ad effectiveness and performance.
  • Offer insights about users who engaged with ads based on observed interaction data.
  • Supply publishers with reports on ads displayed on their platforms.
  • Evaluate whether ads are shown in suitable editorial contexts (brand-safe environments).
  • Determine the percentage of the ad that was viewable and the duration of that visibility.
  • Integrate this information with previously collected data from various sources.

Vendors cannot:

  • Apply audience insights derived from panels or similar methods to ad measurement data without a legal basis for market research (Purpose 9).

Purpose 8: Measure Content Performance
Legal Text
To measure content performance, vendors can:

  • Assess how content was delivered and engaged with by users.
  • Provide measurable reports about users who interacted with the content.
  • Combine this information with previously collected data from various sources.

Vendors cannot:

  • Measure whether and how ads (including native ads) were delivered and interacted with by users.
  • Apply audience insights from panels or similar methods to content performance data without a legal basis for market research (Purpose 9).

Purpose 9: Apply Market Research to Generate Audience Insights
Legal Text
To apply market research for audience insights, vendors can:

  • Provide aggregate reports to advertisers about the audiences reached by their ads using panel-based and similar insights.
  • Offer aggregate reporting to publishers on the audiences interacting with content and/or ads on their platforms by applying similar insights.
  • Link offline data with online users for market research purposes, provided vendors have disclosed the intention to match and combine offline data sources (Feature 1).
  • Combine this information with previously collected data from various sources.

Vendors cannot:

  • Measure the performance and effectiveness of ads served to specific users without a legal basis for measuring ad performance.
  • Assess which content specific users interacted with without a legal basis for measuring content performance.

Purpose 10: Develop and Improve Products
Legal Text
To enhance existing products and develop new ones, vendors can:

  • Utilize information to improve current products by adding new features and creating new products.
  • Develop new models and algorithms through machine learning.

Vendors cannot:

  • Conduct any other data processing activities allowed under different purposes without adhering to this purpose.

Special Purpose 1: Ensure Security, Prevent Fraud, and Debug
Legal Text
To maintain security, prevent fraud, and debug, vendors can:

  • Ensure data is transmitted securely.
  • Detect and prevent malicious, fraudulent, or illegal activities.
  • Ensure the efficient operation of systems, including monitoring and enhancing performance for permitted purposes.

Vendors cannot:

  • Conduct any other data processing activities allowed under different purposes for this purpose. Data used for security and fraud prevention may include automatically collected device characteristics, precise geolocation data, and data from actively scanning device characteristics without separate disclosure or opt-in.

Special Purpose 2: Technically Deliver Ads or Content
Legal Text
To deliver information and respond to technical requests, vendors can:

  • Use a user’s IP address to deliver ads over the internet.
  • Respond to user interactions with ads by directing them to landing pages.
  • Use a user’s IP address to deliver content online.
  • Respond to user interactions with content by directing them to landing pages.
  • Utilize information about device types and capabilities to deliver ads or content appropriately.

Vendors cannot:

  • Conduct any other data processing operations permitted under different purposes for this purpose.

Feature 1: Match and Combine Offline Data Sources
Legal Text
Vendors can:

  • Combine offline data with online data to support one or more Purposes or Special Purposes.

Feature 2: Link Different Devices
Legal Text
Vendors can:

  • Determine that two or more devices belong to the same user or household either deterministically or probabilistically.
  • Actively scan device characteristics for identification if users have permitted such scanning (Special Feature 2).

Feature 3: Receive and Use Automatically-Sent Device Characteristics for Identification
Legal Text
Vendors can:

  • Create identifiers using automatically collected data from devices, such as IP addresses and user-agent strings.
  • Use such identifiers to attempt re-identifying a device.

Vendors cannot:

  • Create identifiers from actively scanning devices for specific characteristics, such as installed fonts or screen resolution, without user opt-in.

Special Feature 1: Use Precise Geolocation Data
Legal Text
Vendors can:

  • Collect and process precise geolocation data for one or more purposes.
    Note: Precise geolocation allows for accurate location data within several meters.

Special Feature 2: Actively Scan Device Characteristics for Identification
Legal Text
Vendors can:

  • Create identifiers using data from actively scanning devices for specific characteristics, such as installed fonts or screen resolution.
  • Use these identifiers to re-identify a device.

Official Journ al of the E uropean Un ion L 337/11
DIRECTIVES
DIRECTIVE 2009/136/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 25 November 2009
amending Directive 2002/22/EC on universal service and users’ rights relating to electronic
communications networks and services, Directive 2002/58/EC concerning the processing of personal
data and the protection of privacy in the electronic communications sector and Regulation (EC)
No 2006/2004 on cooperation between national authorities responsible for the enforcement of
consumer protection laws
(Text with EEA relevance)
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EURO
PEAN UNION,
Having regard to the Treaty establishing the European Commu
nity, and in particular Article 95 thereof,
Having regard to the proposal from the Commission,
Having regard to the opinion of the European Economic and
Social Committee
( 1 ) OJ C 224, 30.8.2008, p. 50.
(1 ),
Having regard to the opinion of the Committee of the Regions
(2 ) OJ C 257, 9.10.2008, p. 51.
( 2),
Having regard to the opinion of the European Data Protection
Supervisor
(3 ) OJ C 181, 18.7.2008, p. 1.
( 3 ),
Acting in accordance with the procedure laid down in Article 251
of the Treaty
(4 ) Opinion of the European Parliament of 24 September 2008 (not yet
published in the Official Journal), Council Common Position of 16 Feb
ruary 2009 (OJ C 103 E, 5.5.2009, p. 40), Position of the European
Parliament of 6 May 2009 and Council Decision of 26 October 2009.
(4 ),
Whereas:
(1) The functioning of the five directives comprising the exist
ing regulatory framework for electronic communications
networks and services (Directive 2002/19/EC of the Euro
pean Parliament and of the Council of 7 March 2002 on
access to, and interconnection of, electronic communica
tions networks and associated facilities (Access Direc
tive)
(5 ) OJ L 108, 24.4.2002, p. 7.
(5 ), Directive 2002/20/EC of the European Parliament
and of the Council of 7 March 2002 on the authorisation
of electronic communications networks and services
(Authorisation Directive)
(6 ) OJ L 108, 24.4.2002, p. 21.
( 6 ), Directive 2002/21/EC of the
European Parliament and the Council of 7 March 2002 on
a common regulatory framework for electronic communi
cations networks and services (Framework Directive)
( 7 ) OJ L 108, 24.4.2002, p. 33.
( 7 ),
Directive 2002/22/EC (Universal Service Directive)
(8 ) OJ L 108, 24.4.2002, p. 51.
( 8 ) and
Directive 2002/58/EC (Directive on privacy and electronic
communications)
(9 ) OJ L 201, 31.7.2002, p. 37.
( 9 ) (together referred to as ‘the Frame
work Directive and the Specific Directives’)) is subject to
periodic review by the Commission, with a view, in par
ticular, to determining the need for modification in the
light of technological and market developments.
(2) In that regard, the Commission presented its findings in its
Communication to the Council, the European Parliament,
the European Economic and Social Committee and the
Committee of the Regions of 29 June 2006 on the review
of the EU regulatory framework for electronic communi
cations networks and services.
(3) The reform of the EU regulatory framework for electronic
communications networks and services, including the rein
forcement of provisions for end-users with disabilities, rep
resents a key step towards simultaneously achieving a
Single European Information Space and an inclusive infor
mation society. These objectives are included in the strate
gic framework for the development of the information
society as described in the Commission Communication to
the Council, the European Parliament, the European Eco
nomic and Social Committee and the Committee of the
Regions of 1 June 2005 entitled ‘i2010 – A European
Information Society for growth and employment’.
(4) A fundamental requirement of universal service is to pro
vide users on request with a connection to the public com
munications network at a fixed location and at an
affordable price. The requirement is for the provision of
local, national and international telephone calls, facsimile
communications and data services, the provision of which
may be restricted by Member States to the end-user’s
NE9002.21.81
Official Journ al of the E uropean Un ion 18.12.2009
primarylocation or residence. There should be no con
straints on the technical means by which this is provided,
allowing for wired or wireless technologies, nor any con
straints on which operators provide part or all of universal
service obligations.
(5) Data connections to the public communications network
at a fixed location should be capable of supporting data
communications at rates sufficient for access to online ser
vices such as those provided via the public Internet. The
speed of Internet access experienced by a given user may
depend on a number of factors, including the provider(s)
of Internet connectivity as well as the given application for
which a connection is being used. The data rate that can be
supported by a connection to the public communications
network depends on the capabilities of the subscriber’s ter
minal equipment as well as the connection. For this rea
son, it is not appropriate to mandate a specific data or bit
rate at Community level. Flexibility is required to allow
Member States to take measures, where necessary, to
ensure that a data connection is capable of supporting sat
isfactory data rates which are sufficient to permit func
tional Internet access, as defined by the Member States,
taking due account of specific circumstances in national
markets, for instance the prevailing bandwidth used by the
majority of subscribers in that Member State, and techno
logical feasibility, provided that these measures seek to
minimise market distortion. Where such measures result in
an unfair burden on a designated undertaking, taking due
account of the costs and revenues as well as the intangible
benefits resulting from the provision of the services con
cerned, this may be included in any net cost calculation of
universal obligations. Alternative financing of underlying
network infrastructure, involving Community funding or
national measures in accordance with Community law,
may also be implemented.
(6) This is without prejudice to the need for the Commission
to conduct a review of the universal service obligations,
which may include the financing of such obligations, in
accordance with Article 15 of Directive 2002/22/EC (Uni
versal Service Directive), and, if appropriate, to present
proposals for reform to meet public interest objectives.
(7) For the sake of clarity and simplicity, this Directive only
deals with amendments to Directives 2002/22/EC (Univer
sal Service Directive) and 2002/58/EC (Directive on pri
vacy and electronic communications).
(8) Without prejudice to Directive 1999/5/EC of the European
Parliament and of the Council of 9 March 1999 on radio
equipment and telecommunications terminal equipment
and the mutual recognition of their conformity
( 1 ) OJ L 91, 7.4.1999, p. 10.
( 1 ), and in
particular the disability requirements laid down in
Article 3(3)(f) thereof, certain aspects of terminal equip
ment, including consumer premises equipment intended
for disabled end-users, whether their special needs are due
to disability or related to ageing, should be brought within
the scope of Directive 2002/22/EC (Universal Service
Directive) in order to facilitate access to networks and the
use of services. Such equipment currently includes receive-
only radio and television terminal equipment as well as
special terminal devices for hearing-impaired end-users.
(9) Member States should introduce measures to promote the
creation of a market for widely available products and ser
vices incorporating facilities for disabled end-users. This
can be achieved, inter alia, by referring to European stan
dards, introducing electronic accessibility (eAccessibility)
requirements for public procurement procedures and calls
for tender relating to the provision of services, and by
implementing legislation upholding the rights of disabled
end-users.
(10) When an undertaking designated to provide universal ser
vice, as identified in Article 4 of Directive 2002/22/EC
(Universal Service Directive), chooses to dispose of a sub
stantial part, viewed in light of its universal service obliga
tion, or all, of its local access network assets in the national
territory to a separate legal entity under different ultimate
ownership, the national regulatory authority should assess
the effects of the transaction in order to ensure the conti
nuity of universal service obligations in all or parts of the
national territory. To this end, the national regulatory
authority which imposed the universal service obligations
should be informed by the undertaking in advance of the
disposal. The assessment of the national regulatory author
ity should not prejudice the completion of the transaction.
(11) Technological developments have led to substantial reduc
tions in the number of public pay telephones. In order to
ensure technological neutrality and continued access by
the public to voice telephony, national regulatory authori
ties should be able to impose obligations on undertakings
to ensure not only that public pay telephones are provided
to meet the reasonable needs of end-users, but also that
alternative public voice telephony access points are pro
vided for that purpose, if appropriate.
(12) Equivalence in disabled end-users’ access to services should
be guaranteed to the level available to other end-users. To
this end, access should be functionally equivalent, such
that disabled end-users benefit from the same usability of
services as other end-users, but by different means.
NE21/733L
Official Journ al of the E uropean Un ion L 337/13
(13) Definitions need to be adjusted so as to conform to the
principle of technology neutrality and to keep pace with
technological development. In particular, conditions for
the provision of a service should be separated from the
actual definitional elements of a publicly available tele
phone service, i.e. an electronic communications service
made available to the public for originating and receiving,
directly or indirectly, national or national and international
calls through a number or numbers in a national or inter
national telephone numbering plan, whether such a service
is based on circuit switching or packet switching technol
ogy. It is the nature of such a service that it is bidirectional,
enabling both the parties to communicate. A service which
does not fulfil all these conditions, such as for example a
‘click-through’ application on a customer service website,
is not a publicly available telephone service. Publicly avail
able telephone services also include means of communica
tion specifically intended for disabled end-users using text
relay or total conversation services.
(14) It is necessary to clarify that the indirect provision of ser
vices could include situations where originating is made via
carrier selection or pre-selection or where a service pro
vider resells or re-brands publicly available telephone ser
vices provided by another undertaking.
(15) As a result of technological and market evolution, net
works are increasingly moving to ‘Internet Protocol’ (IP)
technology, and consumers are increasingly able to choose
between a range of competing voice service providers.
Therefore, Member States should be able to separate uni
versal service obligations concerning the provision of a
connection to the public communications network at a
fixed location from the provision of a publicly available
telephone service. Such separation should not affect the
scope of universal service obligations defined and reviewed
at Community level.
(16) In accordance with the principle of subsidiarity, it is for the
Member States to decide on the basis of objective criteria
which undertakings are designated as universal service pro
viders, where appropriate taking into account the ability
and the willingness of undertakings to accept all or part of
the universal service obligations. This does not preclude
that Member States may include, in the designation pro
cess, specific conditions justified on grounds of efficiency,
including, inter alia, grouping geographical areas or com
ponents or setting minimum periods for the designation.
(17) National regulatory authorities should be able to monitor
the evolution and level of retail tariffs for services that fall
under the scope of universal service obligations, even
where a Member State has not yet designated an undertak
ing to provide universal service. In such a case, the moni
toring should be carried out in such a way that it would
not represent an excessive administrative burden for either
national regulatory authorities or undertakings providing
such service.
(18) Redundant obligations designed to facilitate the transition
from the regulatory framework of 1998 to that of 2002
should be deleted, together with other provisions that
overlap with and duplicate those laid down in Directive
2002/21/EC (Framework Directive).
(19) The requirement to provide a minimum set of leased lines
at retail level, which was necessary to ensure the contin
ued application of provisions of the regulatory framework
of 1998 in the field of leased lines, which was not suffi
ciently competitive at the time the 2002 framework
entered into force, is no longer necessary and should be
repealed.
(20) To continue to impose carrier selection and carrier pre-
selection directly in Community legislation could hamper
technological progress. These remedies should rather be
imposed by national regulatory authorities as a result of
market analysis carried out in accordance with the proce
dures set out in Directive 2002/21/EC (Framework Direc
tive) and through the obligations referred to in Article 12
of Directive 2002/19/EC (Access Directive).
(21) Provisions on contracts should apply not only to consum
ers but also to other end-users, primarily micro enterprises
and small and medium-sized enterprises (SMEs), which
may prefer a contract adapted to consumer needs. To avoid
unnecessary administrative burdens for providers and the
complexity related to the definition of SMEs, the provi
sions on contracts should not apply automatically to those
other end-users, but only where they so request. Member
States should take appropriate measures to promote aware
ness amongst SMEs of this possibility.
(22) As a consequence of technological developments, other
types of identifiers may be used in the future, in addition
to ordinary forms of numbering identification.
(23) Providers of electronic communications services that allow
calls should ensure that their customers are adequately
informed as to whether or not access to emergency ser
vices is provided and of any limitation on service (such as
a limitation on the provision of caller location information
or the routing of emergency calls). Such providers should
also provide their customers with clear and transparent
information in the initial contract and in the event of any
change in the access provision, for example in billing
NE9002.21.81
Official Journ al of the E uropean Un ion 18.12.2009
information. This information should include any limita
tions on territorial coverage, on the basis of the planned
technical operating parameters of the service and the avail
able infrastructure. Where the service is not provided over
a switched telephony network, the information should also
include the level of reliability of the access and of caller
location information compared to a service that is pro
vided over a switched telephony network, taking into
account current technology and quality standards, as well
as any quality of service parameters specified under Direc
tive 2002/22/EC (Universal Service Directive).
(24) With respect to terminal equipment, the customer contract
should specify any restrictions imposed by the provider on
the use of the equipment, such as by way of ‘SIM-locking’
mobile devices, if such restrictions are not prohibited
under national legislation, and any charges due on termi
nation of the contract, whether before or on the agreed
expiry date, including any cost imposed in order to retain
the equipment.
(25) Without imposing any obligation on the provider to take
action over and above what is required under Community
law, the customer contract should also specify the type of
action, if any, the provider might take in case of security or
integrity incidents, threats or vulnerabilities.
(26) In order to address public interest issues with respect to the
use of communications services and to encourage protec
tion of the rights and freedoms of others, the relevant
national authorities should be able to produce and have
disseminated, with the aid of providers, public interest
information related to the use of such services. This could
include public interest information regarding copyright
infringement, other unlawful uses and the dissemination of
harmful content, and advice and means of protection
against risks to personal security, which may for example
arise from disclosure of personal information in certain cir
cumstances, as well as risks to privacy and personal data,
and the availability of easy-to-use and configurable soft
ware or software options allowing protection for children
or vulnerable persons. The information could be coordi
nated by way of the cooperation procedure established in
Article 33(3) of Directive 2002/22/EC (Universal Service
Directive). Such public interest information should be
updated whenever necessary and should be presented in
easily comprehensible printed and electronic formats, as
determined by each Member State, and on national public
authority websites. National regulatory authorities should
be able to oblige providers to disseminate this standardised
information to all their customers in a manner deemed
appropriate by the national regulatory authorities. When
required by Member States, the information should also be
included in contracts. Dissemination of such information
should however not impose an excessive burden on under
takings. Member States should require this dissemination
by the means used by undertakings in communications
with subscribers made in the ordinary course of business.
(27) The right of subscribers to withdraw from their contracts
without penalty refers to modifications in contractual con
ditions which are imposed by the providers of electronic
communications networks and/or services.
(28) End-users should be able to decide what content they want
to send and receive, and which services, applications, hard
ware and software they want to use for such purposes,
without prejudice to the need to preserve the integrity and
security of networks and services. A competitive market
will provide users with a wide choice of content, applica
tions and services. National regulatory authorities should
promote users’ ability to access and distribute information
and to run applications and services of their choice, as pro
vided for in Article 8 of Directive 2002/21/EC (Framework
Directive). Given the increasing importance of electronic
communications for consumers and businesses, users
should in any case be fully informed of any limiting con
ditions imposed on the use of electronic communications
services by the service and/or network provider. Such
information should, at the option of the provider, specify
the type of content, application or service concerned, indi
vidual applications or services, or both. Depending on the
technology used and the type of limitation, such limita
tions may require user consent under Directive
2002/58/EC (Directive on privacy and electronic
communications).
(29) Directive 2002/22/EC (Universal Service Directive) neither
mandates nor prohibits conditions imposed by providers,
in accordance with national law, limiting end-users’ access
to and/or use of services and applications, but lays down
an obligation to provide information regarding such con
ditions. Member States wishing to implement measures
regarding end-users’ access to and/or use of services and
applications must respect the fundamental rights of citi
zens, including in relation to privacy and due process, and
any such measures should take full account of policy goals
defined at Community level, such as furthering the devel
opment of the Community information society.
(30) Directive 2002/22/EC (Universal Service Directive) does
not require providers to monitor information transmitted
over their networks or to bring legal proceedings against
their customers on grounds of such information, nor does
it make providers liable for that information. Responsibil
ity for punitive action or criminal prosecution is a matter
for national law, respecting fundamental rights and free
doms, including the right to due process.
NE41/733L
Official Journ al of the E uropean Un ion L 337/15
(31) In the absence of relevant rules of Community law, con
tent, applications and services are deemed lawful or harm
ful in accordance with national substantive and procedural
law. It is a task for the Member States, not for providers of
electronic communications networks or services, to decide,
in accordance with due process, whether content, applica
tions or services are lawful or harmful. The Framework
Directive and the Specific Directives are without prejudice
to Directive 2000/31/EC of the European Parliament and
of the Council of 8 June 2000 on certain legal aspects of
information society services, in particular electronic com
merce, in the Internal Market (Directive on electronic com
merce)
( 1 ) OJ L 178, 17.7.2000, p. 1.
(1 ), which, inter alia, contains a ‘mere conduit’ rule
for intermediary service providers, as defined therein.
(32) The availability of transparent, up-to-date and comparable
information on offers and services is a key element for
consumers in competitive markets where several provid
ers offer services. End-users and consumers of electronic
communications services should be able to easily compare
the prices of various services offered on the market based
on information published in an easily accessible form. In
order to allow them to make price comparisons easily,
national regulatory authorities should be able to require
from undertakings providing electronic communications
networks and/or services greater transparency as regards
information (including tariffs, consumption patterns and
other relevant statistics) and to ensure that third parties
have the right to use, without charge, publicly available
information published by such undertakings. National
regulatory authorities should also be able to make price
guides available, in particular where the market has not
provided them free of charge or at a reasonable price.
Undertakings should not be entitled to any remuneration
for the use of information where it has already been pub
lished and thus belongs in the public domain. In addition,
end-users and consumers should be adequately informed
of the price and the type of service offered before they pur
chase a service, in particular if a freephone number is sub
ject to additional charges. National regulatory authorities
should be able to require that such information is provided
generally, and, for certain categories of services determined
by them, immediately prior to connecting the call, unless
otherwise provided for by national law. When determin
ing the categories of call requiring pricing information
prior to connection, national regulatory authorities should
take due account of the nature of the service, the pricing
conditions which apply to it and whether it is offered by a
provider who is not a provider of electronic communica
tions services. Without prejudice to Directive 2000/31/EC
(Directive on electronic commerce), undertakings should
also, if required by Member States, provide subscribers
with public interest information produced by the relevant
public authorities regarding, inter alia, the most common
infringements and their legal consequences.
(33) Customers should be informed of their rights with respect
to the use of their personal information in subscriber direc
tories and in particular of the purpose or purposes of such
directories, as well as their right, free of charge, not to be
included in a public subscriber directory, as provided for in
Directive 2002/58/EC (Directive on privacy and electronic
communications). Customers should also be informed of
systems which allow information to be included in the
directory database but which do not disclose such infor
mation to users of directory services.
(34) A competitive market should ensure that end-users enjoy
the quality of service they require, but in particular cases it
may be necessary to ensure that public communications
networks attain minimum quality levels so as to prevent
degradation of service, the blocking of access and the slow
ing of traffic over networks. In order to meet quality of ser
vice requirements, operators may use procedures to
measure and shape traffic on a network link so as to avoid
filling the link to capacity or overfilling the link, which
would result in network congestion and poor perfor
mance. Those procedures should be subject to scrutiny by
the national regulatory authorities, acting in accordance
with the Framework Directive and the Specific Directives
and in particular by addressing discriminatory behaviour,
in order to ensure that they do not restrict competition. If
appropriate, national regulatory authorities may also
impose minimum quality of service requirements on
undertakings providing public communications networks
to ensure that services and applications dependent on the
network are delivered at a minimum quality standard, sub
ject to examination by the Commission. National regula
tory authorities should be empowered to take action to
address degradation of service, including the hindering or
slowing down of traffic, to the detriment of consumers.
However, since inconsistent remedies can impair the func
tioning of the internal market, the Commission should
assess any requirements intended to be set by national
regulatory authorities for possible regulatory intervention
across the Community and, if necessary, issue comments
or recommendations in order to achieve consistent
application.
(35) In future IP networks, where provision of a service may be
separated from provision of the network, Member States
should determine the most appropriate steps to be taken to
ensure the availability of publicly available telephone ser
vices provided using public communications networks and
uninterrupted access to emergency services in the event of
catastrophic network breakdown or in cases of force
majeure, taking into account the priorities of different
types of subscriber and technical limitations.
NE9002.21.81
Official Journ al of the E uropean Un ion 18.12.2009
(36) In order to ensure that disabled end-users benefit from
competition and the choice of service providers enjoyed by
the majority of end-users, relevant national authorities
should specify, where appropriate and in light of national
conditions, consumer protection requirements to be met
by undertakings providing publicly available electronic
communications services. Such requirements may include,
in particular, that undertakings ensure that disabled end-
users take advantage of their services on equivalent terms
and conditions, including prices and tariffs, as those offered
to their other end-users, irrespective of any additional costs
incurred by them. Other requirements may relate to whole
sale arrangements between undertakings.
(37) Operator assistance services cover a range of different ser
vices for end-users. The provision of such services should
be left to commercial negotiations between providers of
public communications networks and operator assistance
services, as is the case for any other customer support ser
vice, and it is not necessary to continue to mandate their
provision. The corresponding obligation should therefore
be repealed.
(38) Directory enquiry services should be, and frequently are,
provided under competitive market conditions, pursuant
to Article 5 of Commission Directive 2002/77/EC of
16 September 2002 on competition in the markets for
electronic communications networks and services
( 1 ) OJ L 249, 17.9.2002, p. 21.
( 1 ).
Wholesale measures ensuring the inclusion of end-user
data (both fixed and mobile) in databases should comply
with the safeguards for the protection of personal data,
including Article 12 of Directive 2002/58/EC (Directive on
privacy and electronic communications). The cost-oriented
supply of that data to service providers, with the possibil
ity for Member States to establish a centralised mechanism
for providing comprehensive aggregated information to
directory providers, and the provision of network access
under reasonable and transparent conditions, should be
put in place in order to ensure that end-users benefit fully
from competition, with the ultimate aim of enabling the
removal of retail regulation from these services and the
provision of offers of directory services under reasonable
and transparent conditions.
(39) End-users should be able to call and access the emergency
services using any telephone service capable of originating
voice calls through a number or numbers in national tele
phone numbering plans. Member States that use national
emergency numbers besides ‘112’ may impose on under
takings similar obligations for access to such national
emergency numbers. Emergency authorities should be able
to handle and answer calls to the number ‘112’ at least as
expeditiously and effectively as calls to national
emergency numbers. It is important to increase awareness
of ‘112’ in order to improve the level of protection and
security of citizens travelling in the European Union. To
this end, citizens should be made fully aware, when trav
elling in any Member State, in particular through informa
tion provided in international bus terminals, train stations,
ports or airports and in telephone directories, payphone
kiosks, subscriber and billing material, that ‘112’ can be
used as a single emergency number throughout the Com
munity. This is primarily the responsibility of the Member
States, but the Commission should continue both to sup
port and to supplement initiatives of the Member States to
heighten awareness of ‘112’ and periodically to evaluate
the public’s awareness of it. The obligation to provide caller
location information should be strengthened so as to
increase the protection of citizens. In particular, undertak
ings should make caller location information available to
emergency services as soon as the call reaches that service
independently of the technology used. In order to respond
to technological developments, including those leading to
increasingly accurate caller location information, the Com
mission should be empowered to adopt technical imple
menting measures to ensure effective access to ‘112’
services in the Community for the benefit of citizens. Such
measures should be without prejudice to the organisation
of emergency services of Member States.
(40) Member States should ensure that undertakings providing
end-users with an electronic communications service
designed for originating calls through a number or num
bers in a national telephone numbering plan provide reli
able and accurate access to emergency services, taking into
account national specifications and criteria. Network-
independent undertakings may not have control over net
works and may not be able to ensure that emergency calls
made through their service are routed with the same reli
ability, as they may not be able to guarantee service avail
ability, given that problems related to infrastructure are not
under their control. For network-independent undertak
ings, caller location information may not always be tech
nically feasible. Once internationally-recognised standards
ensuring accurate and reliable routing and connection to
the emergency services are in place, network-independent
undertakings should also fulfil the obligations related to
caller location information at a level comparable to that
required of other undertakings.
(41) Member States should take specific measures to ensure that
emergency services, including ‘112’, are equally accessible
to disabled end-users, in particular deaf, hearing-impaired,
speech-impaired and deaf-blind users. This could involve
the provision of special terminal devices for hearing-
impaired users, text relay services, or other specific
equipment.
NE61/733L
Official Journ al of the E uropean Un ion L 337/17
(42) Development of the international code ‘3883’ (the Euro
pean Telephony Numbering Space (ETNS)) is currently hin
dered by insufficient awareness, overly bureaucratic
procedural requirements and, in consequence, lack of
demand. In order to encourage the development of ETNS,
the Member States to which the International Telecommu
nications Union has assigned the international code ‘3883’
should, following the example of the implementation of
the ‘.eu’ top-level domain, delegate responsibility for its
management, number assignment and promotion to an
existing separate organisation, designated by the Commis
sion on the basis of an open, transparent and non-
discriminatory selection procedure. That organisation
should also have the task of developing proposals for pub
lic service applications using ETNS for common European
services, such as a common number for reporting thefts of
mobile terminals.
(43) Considering the particular aspects related to reporting
missing children and the currently limited availability of
such a service, Member States should not only reserve a
number, but also make every effort to ensure that a service
for reporting missing children is actually available in their
territories under the number ‘116000’, without delay. To
that end, Member States should, if appropriate, inter alia,
organise tendering procedures in order to invite interested
parties to provide that service.
(44) Voice calls remain the most robust and reliable form of
access to emergency services. Other means of contact, such
as text messaging, may be less reliable and may suffer from
lack of immediacy. Member States should, however, if they
deem it appropriate, be free to promote the development
and implementation of other means of access to emer
gency services which are capable of ensuring access equiva
lent to voice calls.
(45) Pursuant to its Decision 2007/116/EC of 15 February
2007 on reserving the national numbering range begin
ning with ‘116’ for harmonised numbers for harmonised
services of social value
( 1 ) OJ L 49, 17.2.2007, p. 30.
( 1 ), the Commission has asked
Member States to reserve numbers in the ‘116’ numbering
range for certain services of social value. The appropriate
provisions of that Decision should be reflected in Directive
2002/22/EC (Universal Service Directive) in order to inte
grate them more firmly into the regulatory framework for
electronic communications networks and services and to
facilitate access by disabled end-users.
(46) A single market implies that end-users are able to access all
numbers included in the national numbering plans of other
Member States and to access services using non-geographic
numbers within the Community, including, among others,
freephone and premium rate numbers. End-users should
also be able to access numbers from the European Tele
phone Numbering Space (ETNS) and Universal Interna
tional Freephone Numbers (UIFN). Cross-border access to
numbering resources and associated services should not be
prevented, except in objectively justified cases, for example
to combat fraud or abuse (e.g. in connection with certain
premium-rate services), when the number is defined as
having a national scope only (e.g. a national short code) or
when it is technically or economically unfeasible. Users
should be fully informed in advance and in a clear manner
of any charges applicable to freephone numbers, such as
international call charges for numbers accessible through
standard international dialling codes.
(47) In order to take full advantage of the competitive environ
ment, consumers should be able to make informed choices
and to change providers when it is in their interests. It is
essential to ensure that they can do so without being hin
dered by legal, technical or practical obstacles, including
contractual conditions, procedures, charges and so on.
This does not preclude the imposition of reasonable mini
mum contractual periods in consumer contracts. Number
portability is a key facilitator of consumer choice and effec
tive competition in competitive markets for electronic
communications and should be implemented with the
minimum delay, so that the number is functionally acti
vated within one working day and the user does not expe
rience a loss of service lasting longer than one working
day. Competent national authorities may prescribe the glo
bal process of the porting of numbers, taking into account
national provisions on contracts and technological devel
opments. Experience in certain Member States has shown
that there is a risk of consumers being switched to another
provider without having given their consent. While that is
a matter that should primarily be addressed by law enforce
ment authorities, Member States should be able to impose
such minimum proportionate measures regarding the
switching process, including appropriate sanctions, as are
necessary to minimise such risks, and to ensure that con
sumers are protected throughout the switching process
without making the process less attractive for them.
(48) Legal ‘must-carry’ obligations may be applied to specified
radio and television broadcast channels and complemen
tary services supplied by a specified media service provider.
Member States should provide a clear justification for the
‘must carry’ obligations in their national law so as to ensure
that such obligations are transparent, proportionate and
properly defined. In that regard, ‘must carry’ rules should
be designed in a way which provides sufficient incentives
for efficient investment in infrastructure. ‘Must carry’ rules
should be periodically reviewed in order to keep them
up-to-date with technological and market evolution and in
order to ensure that they continue to be proportionate to
the objectives to be achieved. Complementary services
include, but are not limited to, services designed to improve
accessibility for end-users with disabilities, such as video
text, subtitling, audio description and sign language.
NE9002.21.81
Official Journ al of the E uropean Un ion 18.12.2009
(49) In order to overcome existing shortcomings in terms of
consumer consultation and to appropriately address the
interests of citizens, Member States should put in place an
appropriate consultation mechanism. Such a mechanism
could take the form of a body which would, independently
of the national regulatory authority and service providers,
carry out research into consumer-related issues, such as
consumer behaviour and mechanisms for changing suppli
ers, and which would operate in a transparent manner and
contribute to the existing mechanisms for stakeholder con
sultation. Furthermore, a mechanism could be established
for the purpose of enabling appropriate cooperation on
issues relating to the promotion of lawful content. Any
cooperation procedures agreed pursuant to such a mecha
nism should, however, not allow for the systematic surveil
lance of Internet usage.
(50) Universal service obligations imposed on an undertaking
designated as having universal service obligations should
be notified to the Commission.
(51) Directive 2002/58/EC (Directive on privacy and electronic
communications) provides for the harmonisation of the
provisions of the Member States required to ensure an
equivalent level of protection of fundamental rights and
freedoms, in particular the right to privacy and the right to
confidentiality, with respect to the processing of personal
data in the electronic communications sector, and to
ensure the free movement of such data and of electronic
communications equipment and services in the Commu
nity. Where measures aiming to ensure that terminal equip
ment is constructed so as to safeguard the protection of
personal data and privacy are adopted pursuant to Direc
tive 1999/5/EC or Council Decision 87/95/EEC of
22 December 1986 on standardization in the field of infor
mation technology and telecommunications
( 1 ) OJ L 36, 7.2.1987, p. 31.
( 1), such mea
sures should respect the principle of technology neutrality.
(52) Developments concerning the use of IP addresses should
be followed closely, taking into consideration the work
already done by, among others, the Working Party on the
Protection of Individuals with regard to the Processing of
Personal Data established by Article 29 of Directive
95/46/EC of the European Parliament and of the Council
of 24 October 1995 on the protection of individuals with
regard to the processing of personal data and on the free
movement of such data
(2 ) OJ L 281, 23.11.1995, p. 31.
( 2 ), and in the light of such pro
posals as may be appropriate.
(53) The processing of traffic data to the extent strictly neces
sary for the purposes of ensuring network and information
security, i.e. the ability of a network or an information sys
tem to resist, at a given level of confidence, accidental
events or unlawful or malicious actions that compromise
the availability, authenticity, integrity and confidentiality of
stored or transmitted data, and the security of the related
services offered by, or accessible via, these networks and
systems, by providers of security technologies and services
when acting as data controllers is subject to Article 7(f) of
Directive 95/46/EC. This could, for example, include pre
venting unauthorised access to electronic communications
networks and malicious code distribution and stopping
‘denial of service’ attacks and damage to computer and
electronic communication systems.
(54) The liberalisation of electronic communications networks
and services markets and rapid technological development
have combined to boost competition and economic
growth and resulted in a rich diversity of end-user services
accessible via public electronic communications networks.
It is necessary to ensure that consumers and users are
afforded the same level of protection of privacy and per
sonal data, regardless of the technology used to deliver a
particular service.
(55) In line with the objectives of the regulatory framework for
electronic communications networks and services and with
the principles of proportionality and subsidiarity, and for
the purposes of legal certainty and efficiency for European
businesses and national regulatory authorities alike, Direc
tive 2002/58/EC (Directive on privacy and electronic com
munications) focuses on public electronic communications
networks and services, and does not apply to closed user
groups and corporate networks.
(56) Technological progress allows the development of new
applications based on devices for data collection and iden
tification, which could be contactless devices using radio
frequencies. For example, Radio Frequency Identification
Devices (RFIDs) use radio frequencies to capture data from
uniquely identified tags which can then be transferred over
existing communications networks. The wide use of such
technologies can bring considerable economic and social
benefit and thus make a powerful contribution to the inter
nal market, if their use is acceptable to citizens. To achieve
this aim, it is necessary to ensure that all fundamental
rights of individuals, including the right to privacy and data
protection, are safeguarded. When such devices are con
nected to publicly available electronic communications
networks or make use of electronic communications ser
vices as a basic infrastructure, the relevant provisions of
Directive 2002/58/EC (Directive on privacy and electronic
communications), including those on security, traffic and
location data and on confidentiality, should apply.
(57) The provider of a publicly available electronic communi
cations service should take appropriate technical and
organisational measures to ensure the security of its ser
vices. Without prejudice to Directive 95/46/EC, such mea
sures should ensure that personal data can be accessed
only by authorised personnel for legally authorised pur
poses, and that the personal data stored or transmitted, as
NE81/733L
Official Journ al of the E uropean Un ion L 337/19
well as the network and services,are protected. Moreover,
a security policy with respect to the processing of personal
data should be established in order to identify vulnerabili
ties in the system, and monitoring and preventive, correc
tive and mitigating action should be regularly carried out.
(58) The competent national authorities should promote the
interests of citizens by, inter alia, contributing to ensuring
a high level of protection of personal data and privacy. To
this end, competent national authorities should have the
necessary means to perform their duties, including com
prehensive and reliable data about security incidents that
have led to the personal data of individuals being compro
mised. They should monitor measures taken and dissemi
nate best practices among providers of publicly available
electronic communications services. Providers should
therefore maintain an inventory of personal data breaches
to enable further analysis and evaluation by the competent
national authorities.
(59) Community law imposes duties on data controllers regard
ing the processing of personal data, including an obliga
tion to implement appropriate technical and organisational
protection measures against, for example, loss of data. The
data breach notification requirements contained in Direc
tive 2002/58/EC (Directive on privacy and electronic com
munications) provide a structure for notifying the
competent authorities and individuals concerned when
personal data has nevertheless been compromised. Those
notification requirements are limited to security breaches
which occur in the electronic communications sector.
However, the notification of security breaches reflects the
general interest of citizens in being informed of security
failures which could result in their personal data being lost
or otherwise compromised, as well as of available or advis
able precautions that they could take in order to minimise
the possible economic loss or social harm that could result
from such failures. The interest of users in being notified is
clearly not limited to the electronic communications sec
tor, and therefore explicit, mandatory notification require
ments applicable to all sectors should be introduced at
Community level as a matter of priority. Pending a review
to be carried out by the Commission of all relevant Com
munity legislation in this field, the Commission, in consul
tation with the European Data Protection Supervisor,
should take appropriate steps without delay to encourage
the application throughout the Community of the prin
ciples embodied in the data breach notification rules con
tained in Directive 2002/58/EC (Directive on privacy and
electronic communications), regardless of the sector, or the
type, of data concerned.
(60) Competent national authorities should monitor measures
taken and disseminate best practices among providers of
publicly available electronic communications services.
(61) A personal data breach may, if not addressed in an adequate
and timely manner, result in substantial economic loss and
social harm, including identity fraud, to the subscriber or
individual concerned. Therefore, as soon as the provider of
publicly available electronic communications services
becomes aware that such a breach has occurred, it should
notify the breach to the competent national authority. The
subscribers or individuals whose data and privacy could be
adversely affected by the breach should be notified with
out delay in order to allow them to take the necessary pre
cautions. A breach should be considered as adversely
affecting the data or privacy of a subscriber or individual
where it could result in, for example, identity theft or fraud,
physical harm, significant humiliation or damage to repu
tation in connection with the provision of publicly avail
able communications services in the Community. The
notification should include information about measures
taken by the provider to address the breach, as well as rec
ommendations for the subscriber or individual concerned.
(62) When implementing measures transposing Directive
2002/58/EC (Directive on privacy and electronic commu
nications), the authorities and courts of the Member States
should not only interpret their national law in a manner
consistent with that Directive, but should also ensure that
they do not rely on an interpretation of it which would
conflict with fundamental rights or general principles of
Community law, such as the principle of proportionality.
(63) Provision should be made for the adoption of technical
implementing measures concerning the circumstances, for
mat and procedures applicable to information and notifi
cation requirements in order to achieve an adequate level
of privacy protection and security of personal data trans
mitted or processed in connection with the use of elec
tronic communications networks in the internal market.
(64) In setting detailed rules concerning the format and proce
dures applicable to the notification of personal data
breaches, due consideration should be given to the circum
stances of the breach, including whether or not personal
data had been protected by appropriate technical protec
tion measures, effectively limiting the likelihood of iden
tity fraud or other forms of misuse. Moreover, such rules
and procedures should take into account the legitimate
interests of law enforcement authorities in cases where
early disclosure could unnecessarily hamper the investiga
tion of the circumstances of a breach.
(65) Software that surreptitiously monitors the actions of the
user or subverts the operation of the user’s terminal equip
ment to the benefit of a third party (spyware) poses a seri
ous threat to the privacy of users, as do viruses. A high and
equal level of protection of the private sphere of users
needs to be ensured, regardless of whether unwanted
NE9002.21.81
Official Journ al of the E uropean Un ion 18.12.2009
spying programmes or viruses are inadvertently down
loaded via electronic communications networks or are
delivered and installed in software distributed on other
external data storage media, such as CDs, CD-ROMs or
USB keys. Member States should encourage the provision
of information to end-users about available precautions,
and should encourage them to take the necessary steps to
protect their terminal equipment against viruses and
spyware.
(66) Third parties may wish to store information on the equip
ment of a user, or gain access to information already
stored, for a number of purposes, ranging from the legiti
mate (such as certain types of cookies) to those involving
unwarranted intrusion into the private sphere (such as spy
ware or viruses). It is therefore of paramount importance
that users be provided with clear and comprehensive infor
mation when engaging in any activity which could result
in such storage or gaining of access. The methods of pro
viding information and offering the right to refuse should
be as user-friendly as possible. Exceptions to the obligation
to provide information and offer the right to refuse should
be limited to those situations where the technical storage
or access is strictly necessary for the legitimate purpose of
enabling the use of a specific service explicitly requested by
the subscriber or user. Where it is technically possible and
effective, in accordance with the relevant provisions of
Directive 95/46/EC, the user’s consent to processing may
be expressed by using the appropriate settings of a browser
or other application. The enforcement of these require
ments should be made more effective by way of enhanced
powers granted to the relevant national authorities.
(67) Safeguards provided for subscribers against intrusion into
their privacy by unsolicited communications for direct
marketing purposes by means of electronic mail should
also be applicable to SMS, MMS and other kinds of similar
applications.
(68) Electronic communications service providers make sub
stantial investments in order to combat unsolicited com
mercial communications (spam). They are also in a better
position than end-users in that they possess the knowledge
and resources necessary to detect and identify spammers.
E-mail service providers and other service providers should
therefore be able to initiate legal action against spammers,
and thus defend the interests of their customers, as part of
their own legitimate business interests.
(69) The need to ensure an adequate level of protection of pri
vacy and personal data transmitted and processed in con
nection with the use of electronic communications
networks in the Community calls for effective implemen
tation and enforcement powers in order to provide
adequate incentives for compliance. Competent national
authorities and, where appropriate, other relevant national
bodies should have sufficient powers and resources to
investigate cases of non-compliance effectively, including
powers to obtain any relevant information they might
need, to decide on complaints and to impose sanctions in
cases of non-compliance.
(70) The implementation and enforcement of the provisions of
this Directive often require cooperation between the
national regulatory authorities of two or more Member
States, for example in combating cross-border spam and
spyware. In order to ensure smooth and rapid cooperation
in such cases, procedures relating for example to the quan
tity and format of information exchanged between authori
ties, or deadlines to be complied with, should be defined by
the relevant national authorities, subject to examination by
the Commission. Such procedures will also allow the
resulting obligations of market actors to be harmonised,
contributing to the creation of a level playing field in the
Community.
(71) Cross-border cooperation and enforcement should be rein
forced in line with existing Community cross-border
enforcement mechanisms, such as that laid down in Regu
lation (EC) No 2006/2004 (the Regulation on consumer
protection cooperation)
( 1 ) OJ L 364, 9.12.2004, p. 1.
( 1 ), by way of an amendment to
that Regulation.
(72) The measures necessary for the implementation of Direc
tives 2002/22/EC (Universal Service Directive)
and 2002/58/EC (Directive on privacy and electronic com
munications) should be adopted in accordance with Coun
cil Decision 1999/468/EC of 28 June 1999 laying down
the procedures for the exercise of implementing powers
conferred on the Commission
(2 ) OJ L 184, 17.7.1999, p. 23.
(2 ).
(73) In particular, the Commission should be empowered to
adopt implementing measures on effective access to ‘112’
services, as well as to adapt the Annexes to technical
progress or changes in market demand. It should also be
empowered to adopt implementing measures concerning
information and notification requirements and security of
processing. Since those measures are of general scope and
are designed to amend non-essential elements of Directives
2002/22/EC (Universal Service Directive) and 2002/58/EC
(Directive on privacy and electronic communications) by
supplementing them with new non-essential elements,
they must be adopted in accordance with the regulatory
procedure with scrutiny provided for in Article 5a of Deci
sion 1999/468/EC. Given that the conduct of the regula
tory procedure with scrutiny within the normal time limits
could, in certain exceptional situations, impede the timely
adoption of implementing measures, the European Parlia
ment, the Council and the Commission should act speed
ily in order to ensure the timely adoption of those
measures.
NE02/733L
Official Journ al of the E uropean Un ion L 337/21
(74) When adopting implementing measures on security of
processing, the Commission should consult all relevant
European authorities and organisations (the European Net
work and Information Security Agency (ENISA), the Euro
pean Data Protection Supervisor and the Working Party on
the Protection of Individuals with regard to the Processing
of Personal Data established by Article 29 of Directive
95/46/EC), as well as all other relevant stakeholders, par
ticularly in order to be informed of the best available tech
nical and economic means of improving the
implementation of Directive 2002/58/EC (Directive on pri
vacy and electronic communications).
(75) Directives 2002/22/EC (Universal Service Directive)
and 2002/58/EC (Directive on privacy and electronic com
munications) should therefore be amended accordingly.
(76) In accordance with point 34 of the Interinstitutional Agree
ment on better law-making
( 1 ) OJ C 321, 31.12.2003, p. 1.
(1 ), Member States are encour
aged to draw up, for themselves and in the interests of the
Community, their own tables illustrating, as far as possible,
the correlation between Directives 2002/22/EC (Universal
Service Directive) and 2002/58/EC (Directive on privacy
and electronic communications) and the transposition
measures, and to make them public,
HAVE ADOPTED THIS DIRECTIVE:
Article 1
Amendments to Directive 2002/22/EC (Universal Service
Directive)
Directive 2002/22/EC (Universal Service Directive) is hereby
amended as follows:
1) Article 1 shall be replaced by the following:
‘Article 1
Subject-matter and scope

  1. Within the framework of Directive 2002/21/EC
    (Framework Directive), this Directive concerns the provision
    of electronic communications networks and services to end-
    users. The aim is to ensure the availability throughout the
    Community of good-quality publicly available services
    through effective competition and choice and to deal with
    circumstances in which the needs of end-users are not satis
    factorily met by the market. The Directive also includes pro
    visions concerning certain aspects of terminal equipment,
    including provisions intended to facilitate access for disabled
    end-users.
  2. This Directive establishes the rights of end-users and
    the corresponding obligations of undertakings providing
    publicly available electronic communications networks
    and services. With regard to ensuring provision of universal
    service within an environment of open and competitive mar
    kets, this Directive defines the minimum set of services of
    specified quality to which all end-users have access, at an
    affordable price in the light of specific national conditions,
    without distorting competition. This Directive also sets out
    obligations with regard to the provision of certain mandatory
    services.
  3. This Directive neither mandates nor prohibits condi
    tions, imposed by providers of publicly available electronic
    communications and services, limiting end-users’ access to,
    and/or use of, services and applications, where allowed under
    national law and in conformity with Community law, but
    lays down an obligation to provide information regarding
    such conditions. National measures regarding end-users’
    access to, or use of, services and applications through elec
    tronic communications networks shall respect the funda
    mental rights and freedoms of natural persons, including in
    relation to privacy and due process, as defined in Article 6 of
    the European Convention for the Protection of Human Rights
    and Fundamental Freedoms.
  4. The provisions of this Directive concerning end-users’
    rights shall apply without prejudice to Community rules on
    consumer protection, in particular Directives 93/13/EEC
    and 97/7/EC, and national rules in conformity with Commu
    nity law.’;
    2) Article 2 shall be amended as follows:
    (a) point (b) shall be deleted;
    (b) points (c) and (d) shall be replaced by the following:
    ‘(c) “publicly available telephone service” means a ser
    vice made available to the public for originating and
    receiving, directly or indirectly, national or national
    and international calls through a number or num
    bers in a national or international telephone num
    bering plan;
    (d) “geographic number” means a number from the
    national telephone numbering plan where part of
    its digit structure contains geographic significance
    used for routing calls to the physical location of the
    network termination point (NTP);’;
    (c) point (e) shall be deleted;
    (d) point (f) shall be replaced by the following:
    ‘(f) “non-geographic number” means a number from
    the national telephone numbering plan that is not a
    geographic number. It includes, inter alia, mobile,
    freephone and premium rate numbers.’;
    NE9002.21.81
    Official Journ al of the E uropean Un ion 18.12.2009
    3) Article 4 shall be replaced by the following:
    ‘Article 4
    Provision of access at a fixed location and provision of
    telephone services
  5. Member States shall ensure that all reasonable requests
    for connection at a fixed location to a public communica
    tions network are met by at least one undertaking.
  6. The connection provided shall be capable of support
    ing voice, facsimile and data communications at data rates
    that are sufficient to permit functional Internet access, taking
    into account prevailing technologies used by the majority of
    subscribers and technological feasibility.
  7. Member States shall ensure that all reasonable requests
    for the provision of a publicly available telephone service
    over the network connection referred to in paragraph 1 that
    allows for originating and receiving national and interna
    tional calls are met by at least one undertaking.’;
    4) Article 5(2) shall be replaced by the following:
    ‘2. The directories referred to in paragraph 1 shall com
    prise, subject to the provisions of Article 12 of Directive
    2002/58/EC of the European Parliament and of the Council
    of 12 July 2002 concerning the processing of personal data
    and the protection of privacy in the electronic communica
    tions sector (Directive on privacy and electronic communi
    cations) , all subscribers of publicly available telephone
    services.
    ( * ) OJ L 201, 31.7.2002, p. 37.’;
    5) the title of Article 6 and Article 6(1) shall be replaced by the
    following:
    ‘Public pay telephones and other publics voice tele
    phony access points
  8. Member States shall ensure that national regulatory
    authorities may impose obligations on undertakings in order
    to ensure that public pay telephones or other public voice
    telephony access points are provided to meet the reasonable
    needs of end-users in terms of the geographical coverage, the
    number of telephones or other access points, accessibility to
    disabled end-users and the quality of services.’;
    6) Article 7 shall be replaced by the following:
    ‘Article 7
    Measures for disabled end-users
  9. Unless requirements have been specified under Chap
    ter IV which achieve the equivalent effect, Member States
    shall take specific measures to ensure that access to, and
    affordability of, the services identified in Article 4(3) and
    Article 5 for disabled end-users is equivalent to the level
    enjoyed by other end-users. Member States may oblige
    national regulatory authorities to assess the general need and
    the specific requirements, including the extent and concrete
    form of such specific measures for disabled end-users.
  10. Member States may take specific measures, in the light
    of national conditions, to ensure that disabled end-users can
    also take advantage of the choice of undertakings and service
    providers available to the majority of end-users.
  11. In taking the measures referred to in paragraphs 1
    and 2, Member States shall encourage compliance with the
    relevant standards or specifications published in accordance
    with Articles 17 and 18 of Directive 2002/21/EC (Frame
    work Directive).’;
    7) in Article 8, the following paragraph shall be added:
    ‘3. When an undertaking designated in accordance with
    paragraph 1 intends to dispose of a substantial part or all of
    its local access network assets to a separate legal entity under
    different ownership, it shall inform in advance the national
    regulatory authority in a timely manner, in order to allow
    that authority to assess the effect of the intended transaction
    on the provision of access at a fixed location and of tele
    phone services pursuant to Article 4. The national regulatory
    authority may impose, amend or withdraw specific obliga
    tions in accordance with Article 6(2) of Directive 2002/20/EC
    (Authorisation Directive).’;
    8) Article 9(1) and (2) shall be replaced by the following:
    ‘1. National regulatory authorities shall monitor the evo
    lution and level of retail tariffs of the services identified in
    Articles 4 to 7 as falling under the universal service obliga
    tions and either provided by designated undertakings or
    available on the market, if no undertakings are designated in
    relation to those services, in particular in relation to national
    consumer prices and income.
  12. Member States may, in the light of national conditions,
    require that designated undertakings provide to consumers
    tariff options or packages which depart from those provided
    under normal commercial conditions, in particular to ensure
    that those on low incomes or with special social needs are
    not prevented from accessing the network referred to in
    Article 4(1) or from using the services identified in
    Article 4(3) and Articles 5, 6 and 7 as falling under the uni
    versal service obligations and provided by designated
    undertakings.’;
    NE22/733L
    )*(
    Official Journ al of the E uropean Un ion L 337/23
    9) Article 11(4) shall be replaced by the following:
    ‘4. National regulatory authorities shall be able to set per
    formance targets for undertakings with universal service obli
    gations. In so doing, national regulatory authorities shall take
    account of views of interested parties, in particular as referred
    to in Article 33.’;
    10) the title of Chapter III shall be replaced by the following:
    ‘REGULATORY CONTROLS ON UNDERTAKINGS WITH
    SIGNIFICANT MARKET POWER IN SPECIFIC RETAIL MAR
    KETS’;
    11) Article 16 shall be deleted;
    12) Article 17 shall be amended as follows:
    (a) paragraph 1 shall be replaced by the following:
    ‘1. Member States shall ensure that national regula
    tory authorities impose appropriate regulatory obliga
    tions on undertakings identified as having significant
    market power on a given retail market in accordance
    with Article 14 of Directive 2002/21/EC (Framework
    Directive) where:
    (a) as a result of a market analysis carried out in accor
    dance with Article 16 of Directive 2002/21/EC
    (Framework Directive), a national regulatory
    authority determines that a given retail market iden
    tified in accordance with Article 15 of that Direc
    tive is not effectively competitive; and
    (b) the national regulatory authority concludes that
    obligations imposed under Articles 9 to 13 of Direc
    tive 2002/19/EC (Access Directive) would not result
    in the achievement of the objectives set out in
    Article 8 of Directive 2002/21/EC (Framework
    Directive).’;
    (b) paragraph 3 shall be deleted;
    13) Articles 18 and 19 shall be deleted;
    14) Articles 20 to 23 shall be replaced by the following:
    ‘Article 20
    Contracts
  13. Member States shall ensure that, when subscribing to
    services providing connection to a public communications
    network and/or publicly available electronic communications
    services, consumers, and other end-users so requesting, have
    a right to a contract with an undertaking or undertakings
    providing such connection and/or services. The contract shall
    specify in a clear, comprehensive and easily accessible form
    at least:
    (a) the identity and address of the undertaking;
    (b) the services provided, including in particular,
    — whether or not access to emergency services and
    caller location information is being provided, and
    any limitations on the provision of emergency ser
    vices under Article 26,
    — information on any other conditions limiting access
    to and/or use of services and applications, where
    such conditions are permitted under national law in
    accordance with Community law,
    — the minimum service quality levels offered, namely
    the time for the initial connection and, where appro
    priate, other quality of service parameters, as defined
    by the national regulatory authorities,
    — information on any procedures put in place by the
    undertaking to measure and shape traffic so as to
    avoid filling or overfilling a network link, and infor
    mation on how those procedures could impact on
    service quality,
    — the types of maintenance service offered and cus
    tomer support services provided, as well as the
    means of contacting these services,
    — any restrictions imposed by the provider on the use
    of terminal equipment supplied;
    (c) where an obligation exists under Article 25, the sub
    scriber’s options as to whether or not to include his or
    her personal data in a directory, and the data concerned;
    (d) details of prices and tariffs, the means by which up-to-
    date information on all applicable tariffs and mainte
    nance charges may be obtained, payment methods
    offered and any differences in costs due to payment
    method;
    (e) the duration of the contract and the conditions for
    renewal and termination of services and of the contract,
    including:
    — any minimum usage or duration required to benefit
    from promotional terms,
    — any charges related to portability of numbers and
    other identifiers,
    — any charges due on termination of the contract,
    including any cost recovery with respect to termi
    nal equipment,
    (f) any compensation and the refund arrangements which
    apply if contracted service quality levels are not met;
    NE9002.21.81
    Official Journ al of the E uropean Un ion 18.12.2009
    (g) the means of initiating procedures for the settlement of
    disputes in accordance with Article 34;
    (h) the type of action that might be taken by the undertak
    ing in reaction to security or integrity incidents or threats
    and vulnerabilities.
    Member States may also require that the contract include any
    information which may be provided by the relevant public
    authorities for this purpose on the use of electronic commu
    nications networks and services to engage in unlawful activi
    ties or to disseminate harmful content, and on the means of
    protection against risks to personal security, privacy and per
    sonal data, referred to in Article 21(4) and relevant to the ser
    vice provided.
  14. Member States shall ensure that subscribers have a right
    to withdraw from their contract without penalty upon notice
    of modification to the contractual conditions proposed by
    the undertakings providing electronic communications net
    works and/or services. Subscribers shall be given adequate
    notice, not shorter than one month, of any such modifica
    tion, and shall be informed at the same time of their right to
    withdraw, without penalty, from their contract if they do not
    accept the new conditions. Member States shall ensure that
    national regulatory authorities are able to specify the format
    of such notifications.
    Article 21
    Transparency and publication of information
  15. Member States shall ensure that national regulatory
    authorities are able to oblige undertakings providing public
    electronic communications networks and/or publicly avail
    able electronic communications services to publish transpar
    ent, comparable, adequate and up-to-date information on
    applicable prices and tariffs, on any charges due on termina
    tion of a contract and on standard terms and conditions in
    respect of access to, and use of, services provided by them to
    end-users and consumers in accordance with Annex II. Such
    information shall be published in a clear, comprehensive and
    easily accessible form. National regulatory authorities may
    specify additional requirements regarding the form in which
    such information is to be published.
  16. National regulatory authorities shall encourage the pro
    vision of comparable information to enable end-users and
    consumers to make an independent evaluation of the cost of
    alternative usage patterns, for instance by means of interac
    tive guides or similar techniques. Where such facilities are not
    available on the market free of charge or at a reasonable
    price, Member States shall ensure that national regulatory
    authorities are able to make such guides or techniques avail
    able themselves or through third party procurement. Third
    parties shall have a right to use, free of charge, the informa
    tion published by undertakings providing electronic commu
    nications networks and/or publicly available electronic
    communications services for the purposes of selling or mak
    ing available such interactive guides or similar techniques.
  17. Member States shall ensure that national regulatory
    authorities are able to oblige undertakings providing public
    electronic communications networks and/or publicly avail
    able electronic communications services to inter alia:
    (a) provide applicable tariff information to subscribers
    regarding any number or service subject to particular
    pricing conditions; with respect to individual categories
    of services, national regulatory authorities may require
    such information to be provided immediately prior to
    connecting the call;
    (b) inform subscribers of any change to access to emergency
    services or caller location information in the service to
    which they have subscribed;
    (c) inform subscribers of any change to conditions limiting
    access to and/or use of services and applications, where
    such conditions are permitted under national law in
    accordance with Community law;
    (d) provide information on any procedures put in place by
    the provider to measure and shape traffic so as to avoid
    filling or overfilling a network link, and on how those
    procedures could impact on service quality;
    (e) inform subscribers of their right to determine whether or
    not to include their personal data in a directory, and of
    the types of data concerned, in accordance with
    Article 12 of Directive 2002/58/EC (Directive on privacy
    and electronic communications); and
    (f) regularly inform disabled subscribers of details of prod
    ucts and services designed for them.
    If deemed appropriate, national regulatory authorities may
    promote self- or co-regulatory measures prior to imposing
    any obligation.
  18. Member States may require that the undertakings
    referred to in paragraph 3 distribute public interest informa
    tion free of charge to existing and new subscribers, where
    appropriate, by the same means as those ordinarily used by
    them in their communications with subscribers. In such a
    case, that information shall be provided by the relevant pub
    lic authorities in a standardised format and shall, inter alia,
    cover the following topics:
    (a) the most common uses of electronic communications
    services to engage in unlawful activities or to dissemi
    nate harmful content, particularly where it may preju
    dice respect for the rights and freedoms of others,
    including infringements of copyright and related rights,
    and their legal consequences; and
    NE42/733L
    Official Journ al of the E uropean Un ion L 337/25
    (b) the means of protection against risks to personal secu
    rity, privacy and personal data when using electronic
    communications services.
    Article 22
    Quality of service
  19. Member States shall ensure that national regulatory
    authorities are, after taking account of the views of interested
    parties, able to require undertakings that provide publicly
    available electronic communications networks and/or ser
    vices to publish comparable, adequate and up-to-date infor
    mation for end-users on the quality of their services and on
    measures taken to ensure equivalence in access for disabled
    end-users. That information shall, on request, be supplied to
    the national regulatory authority in advance of its
    publication.
  20. National regulatory authorities may specify, inter alia,
    the quality of service parameters to be measured and the con
    tent, form and manner of the information to be published,
    including possible quality certification mechanisms, in order
    to ensure that end-users, including disabled end-users, have
    access to comprehensive, comparable, reliable and user-
    friendly information. Where appropriate, the parameters,
    definitions and measurement methods set out in Annex III
    may be used.
  21. In order to prevent the degradation of service and the
    hindering or slowing down of traffic over networks, Member
    States shall ensure that national regulatory authorities are
    able to set minimum quality of service requirements on an
    undertaking or undertakings providing public communica
    tions networks.
    National regulatory authorities shall provide the Commis
    sion, in good time before setting any such requirements, with
    a summary of the grounds for action, the envisaged require
    ments and the proposed course of action. This information
    shall also be made available to the Body of European Regu
    lators for Electronic Communications (BEREC). The Commis
    sion may, having examined such information, make
    comments or recommendations thereupon, in particular to
    ensure that the envisaged requirements do not adversely
    affect the functioning of the internal market. National regu
    latory authorities shall take the utmost account of the Com
    mission’s comments or recommendations when deciding on
    the requirements.
    Article 23
    Availability of services
    Member States shall take all necessary measures to ensure the
    fullest possible availability of publicly available telephone ser
    vices provided over public communications networks in the
    event of catastrophic network breakdown or in cases of force
    majeure. Member States shall ensure that undertakings
    providing publicly available telephone services take all nec
    essary measures to ensure uninterrupted access to emergency
    services.’;
    15) the following Article shall be inserted:
    ‘Article 23a
    Ensuring equivalence in access and choice for disabled
    end-users
  22. Member States shall enable relevant national authori
    ties to specify, where appropriate, requirements to be met by
    undertakings providing publicly available electronic commu
    nication services to ensure that disabled end-users:
    (a) have access to electronic communications services
    equivalent to that enjoyed by the majority of end-users;
    and
    (b) benefit from the choice of undertakings and services
    available to the majority of end-users.
  23. In order to be able to adopt and implement specific
    arrangements for disabled end-users, Member States shall
    encourage the availability of terminal equipment offering the
    necessary services and functions.’;
    16) Article 25 shall be amended as follows:
    (a) the title shall be replaced by the following:
    ‘Telephone directory enquiry services’;
    (b) paragraph 1 shall be replaced by the following:
    ‘1. Member States shall ensure that subscribers to
    publicly available telephone services have the right to
    have an entry in the publicly available directory referred
    to in Article 5(1)(a) and to have their information made
    available to providers of directory enquiry services
    and/or directories in accordance with paragraph 2.’;
    (c) paragraphs 3, 4 and 5 shall be replaced by the following:
    ‘3. Member States shall ensure that all end-users pro
    vided with a publicly available telephone service can
    access directory enquiry services. National regulatory
    authorities shall be able to impose obligations and con
    ditions on undertakings that control access of end-users
    for the provision of directory enquiry services in
    accordance with the provisions of Article 5 of
    Directive 2002/19/EC (Access Directive). Such obliga
    tions and conditions shall be objective, equitable, non-
    discriminatory and transparent.
    NE9002.21.81
    Official Journ al of the E uropean Un ion 18.12.2009
  24. Member States shall not maintain any regulatory
    restrictions which prevent end-users in one Member
    State from accessing directly the directory enquiry ser
    vice in another Member State by voice call or SMS, and
    shall take measures to ensure such access in accordance
    with Article 28.
  25. Paragraphs 1 to 4 shall apply subject to the require
    ments of Community legislation on the protection of
    personal data and privacy and, in particular, Article 12
    of Directive 2002/58/EC (Directive on privacy and elec
    tronic communications).’;
    17) Articles 26 and 27 shall be replaced by the following:
    ‘Article 26
    Emergency services and the single European emergency
    call number
  26. Member States shall ensure that all end-users of the ser
    vice referred to in paragraph 2, including users of public pay
    telephones, are able to call the emergency services free of
    charge and without having to use any means of payment, by
    using the single European emergency call number “112” and
    any national emergency call number specified by Member
    States.
  27. Member States, in consultation with national regula
    tory authorities, emergency services and providers, shall
    ensure that undertakings providing end-users with an elec
    tronic communications service for originating national calls
    to a number or numbers in a national telephone numbering
    plan provide access to emergency services.
  28. Member States shall ensure that calls to the single Euro
    pean emergency call number “112” are appropriately
    answered and handled in the manner best suited to the
    national organisation of emergency systems. Such calls shall
    be answered and handled at least as expeditiously and effec
    tively as calls to the national emergency number or numbers,
    where these continue to be in use.
  29. Member States shall ensure that access for disabled end-
    users to emergency services is equivalent to that enjoyed by
    other end-users. Measures taken to ensure that disabled end-
    users are able to access emergency services whilst travelling
    in other Member States shall be based to the greatest extent
    possible on European standards or specifications published in
    accordance with the provisions of Article 17 of Directive
    2002/21/EC (Framework Directive), and they shall not pre
    vent Member States from adopting additional requirements
    in order to pursue the objectives set out in this Article.
  30. Member States shall ensure that undertakings con
    cerned make caller location information available free of
    charge to the authority handling emergency calls as soon as
    the call reaches that authority. This shall apply to all calls to
    the single European emergency call number “112”. Member
    States may extend this obligation to cover calls to national
    emergency numbers. Competent regulatory authorities shall
    lay down criteria for the accuracy and reliability of the caller
    location information provided.
  31. Member States shall ensure that citizens are adequately
    informed about the existence and use of the single European
    emergency call number “112”, in particular through initia
    tives specifically targeting persons travelling between Mem
    ber States.
  32. In order to ensure effective access to “112” services in
    the Member States, the Commission, having consulted
    BEREC, may adopt technical implementing measures. How
    ever, these technical implementing measures shall be adopted
    without prejudice to, and shall have no impact on, the organi
    sation of emergency services, which remains of the exclusive
    competence of Member States.
    Those measures, designed to amend non-essential elements
    of this Directive by supplementing it, shall be adopted in
    accordance with the regulatory procedure with scrutiny
    referred to in Article 37(2).
    Article 27
    European telephone access codes
  33. Member States shall ensure that the “00” code is the
    standard international access code. Special arrangements for
    making calls between locations adjacent to one another
    across borders between Member States may be established or
    continued. End-users in the locations concerned shall be fully
    informed of such arrangements.
  34. A legal entity, established within the Community and
    designated by the Commission, shall have sole responsibility
    for the management, including number assignment, and pro
    motion of the European Telephony Numbering Space
    (ETNS). The Commission shall adopt the necessary imple
    menting rules.
  35. Member States shall ensure that all undertakings that
    provide publicly available telephone services allowing inter
    national calls handle all calls to and from the ETNS at rates
    similar to those applied for calls to and from other Member
    States.’;
    18) the following Article shall be inserted:
    ‘Article 27a
    Harmonised numbers for harmonised services of social
    value, including the missing children hotline number
  36. Member States shall promote the specific numbers in
    the numbering range beginning with “116” identified by
    Commission Decision 2007/116/EC of15 February 2007
    NE62/733L
    Official Journ al of the E uropean Un ion L 337/27
    on reserving the national numbering range beginning with
    “116” for harmonised numbers for harmonised services of
    social value . They shall encourage the provision within
    their territory of the services for which such numbers are
    reserved.
  37. Member States shall ensure that disabled end-users are
    able to access services provided under the “116” numbering
    range to the greatest extent possible. Measures taken to facili
    tate disabled end-users’ access to such services whilst travel
    ling in other Member States shall be based on compliance
    with relevant standards or specifications published in accor
    dance with Article 17 of Directive 2002/21/EC (Framework
    Directive).
  38. Member States shall ensure that citizens are adequately
    informed of the existence and use of services provided under
    the “116” numbering range, in particular through initiatives
    specifically targeting persons travelling between Member
    States.
  39. Member States shall, in addition to measures of general
    applicability to all numbers in the “116” numbering range
    taken pursuant to paragraphs 1, 2, and 3, make every effort
    to ensure that citizens have access to a service operating a
    hotline to report cases of missing children. The hotline shall
    be available on the number “116000”.
  40. In order to ensure the effective implementation of the
    “116” numbering range, in particular the missing children
    hotline number “116000”, in the Member States, including
    access for disabled end-users when travelling in other Mem
    ber States, the Commission, having consulted BEREC, may
    adopt technical implementing measures. However, these
    technical implementing measures shall be adopted without
    prejudice to, and shall have no impact on, the organisation
    of these services, which remains of the exclusive competence
    of Member States.
    Those measures, designed to amend non-essential elements
    of this Directive by supplementing it, shall be adopted in
    accordance with the regulatory procedure with scrutiny
    referred to in Article 37(2).
    ( * ) OJ L 49, 17.2.2007, p. 30.’;
    19) Article 28 shall be replaced by the following:
    ‘Article 28
    Access to numbers and services
  41. Member States shall ensure that, where technically and
    economically feasible, and except where a called subscriber
    has chosen for commercial reasons to limit access by calling
    parties located in specific geographical areas, relevant
    national authorities take all necessary steps to ensure that
    end-users are able to:
    (a) access and use services using non-geographic numbers
    within the Community; and
    (b) access all numbers provided in the Community, regard
    less of the technology and devices used by the operator,
    including those in the national numbering plans of
    Member States, those from the ETNS and Universal
    International Freephone Numbers (UIFN).
  42. Member States shall ensure that the relevant authori
    ties are able to require undertakings providing public com
    munications networks and/or publicly available electronic
    communications services to block, on a case-by-case basis,
    access to numbers or services where this is justified by rea
    sons of fraud or misuse and to require that in such cases pro
    viders of electronic communications services withhold
    relevant interconnection or other service revenues.’;
    20) Article 29 shall be amended as follows:
    (a) paragraph 1 shall be replaced by the following:
    ‘1. Without prejudice to Article 10(2), Member States
    shall ensure that national regulatory authorities are able
    to require all undertakings that provide publicly avail
    able telephone services and/or access to public commu
    nications networks to make available all or part of the
    additional facilities listed in Part B of Annex I, subject to
    technical feasibility and economic viability, as well as all
    or part of the additional facilities listed in Part A of
    Annex I.’;
    (b) paragraph 3 shall be deleted;
    21) Article 30 shall be replaced by the following:
    ‘Article 30
    Facilitating change of provider
  43. Member States shall ensure that all subscribers with
    numbers from the national telephone numbering plan who
    so request can retain their number(s) independently of the
    undertaking providing the service in accordance with the
    provisions of Part C of Annex I.
  44. National regulatory authorities shall ensure that pric
    ing between operators and/or service providers related to the
    provision of number portability is cost-oriented, and that
    direct charges to subscribers, if any, do not act as a disincen
    tive for subscribers against changing service provider.
  45. National regulatory authorities shall not impose retail
    tariffs for the porting of numbers in a manner that would dis
    tort competition, such as by setting specific or common retail
    tariffs.
    NE9002.21.81
    )*(
    Official Journ al of the E uropean Un ion 18.12.2009
  46. Porting of numbers and their subsequent activation
    shall be carried out within the shortest possible time. In any
    case, subscribers who have concluded an agreement to port
    a number to a new undertaking shall have that number acti
    vated within one working day.
    Without prejudice to the first subparagraph, competent
    national authorities may establish the global process of port
    ing of numbers, taking into account national provisions on
    contracts, technical feasibility and the need to maintain con
    tinuity of service to the subscriber. In any event, loss of ser
    vice during the process of porting shall not exceed one
    working day. Competent national authorities shall also take
    into account, where necessary, measures ensuring that sub
    scribers are protected throughout the switching process and
    are not switched to another provider against their will.
    Member States shall ensure that appropriate sanctions on
    undertakings are provided for, including an obligation to
    compensate subscribers in case of delay in porting or abuse
    of porting by them or on their behalf.
  47. Member States shall ensure that contracts concluded
    between consumers and undertakings providing electronic
    communications services do not mandate an initial commit
    ment period that exceeds 24 months. Member States shall
    also ensure that undertakings offer users the possibility to
    subscribe to a contract with a maximum duration of 12
    months.
  48. Without prejudice to any minimum contractual period,
    Member States shall ensure that conditions and procedures
    for contract termination do not act as a disincentive against
    changing service provider.’;
    22) Article 31(1) shall be replaced by the following:
    ‘1. Member States may impose reasonable “must carry”
    obligations, for the transmission of specified radio and tele
    vision broadcast channels and complementary services, par
    ticularly accessibility services to enable appropriate access for
    disabled end-users, on undertakings under their jurisdiction
    providing electronic communications networks used for the
    distribution of radio or television broadcast channels to the
    public where a significant number of end-users of such net
    works use them as their principal means to receive radio and
    television broadcast channels. Such obligations shall only be
    imposed where they are necessary to meet general interest
    objectives as clearly defined by each Member State and shall
    be proportionate and transparent.
    The obligations referred to in the first subparagraph shall be
    reviewed by the Member States at the latest within one year
    of 25 May 2011, except where Member States have carried
    out such a review within the previous two years.
    Member States shall review “must carry” obligations on a
    regular basis.’;
    23) Article 33 shall be amended as follows:
    (a) paragraph 1 shall be replaced by the following:
    ‘1. Member States shall ensure as far as appropriate
    that national regulatory authorities take account of the
    views of end-users, consumers (including, in particular,
    disabled consumers), manufacturers and undertakings
    that provide electronic communications networks
    and/or services on issues related to all end-user and con
    sumer rights concerning publicly available electronic
    communications services, in particular where they have
    a significant impact on the market.
    In particular, Member States shall ensure that national
    regulatory authorities establish a consultation mecha
    nism ensuring that in their decisions on issues related to
    end-user and consumer rights concerning publicly avail
    able electronic communications services, due consider
    ation is given to consumer interests in electronic
    communications.’;
    (b) the following paragraph shall be added:
    ‘3. Without prejudice to national rules in conformity
    with Community law promoting cultural and media
    policy objectives, such as cultural and linguistic diversity
    and media pluralism, national regulatory authorities and
    other relevant authorities may promote cooperation
    between undertakings providing electronic communica
    tions networks and/or services and sectors interested in
    the promotion of lawful content in electronic commu
    nication networks and services. That cooperation may
    also include coordination of the public interest informa
    tion to be provided pursuant to Article 21(4) and the
    second subparagraph of Article 20(1).’;
    24) Article 34(1) shall be replaced by the following:
    ‘1. Member States shall ensure that transparent, non-
    discriminatory, simple and inexpensive out-of-court proce
    dures are available for dealing with unresolved disputes
    between consumers and undertakings providing electronic
    communications networks and/or services arising under this
    Directive and relating to the contractual conditions and/or
    performance of contracts concerning the supply of those net
    works and/or services. Member States shall adopt measures
    to ensure that such procedures enable disputes to be settled
    fairly and promptly and may, where warranted, adopt a sys
    tem of reimbursement and/or compensation. Such proce
    dures shall enable disputes to be settled impartially and shall
    not deprive the consumer of the legal protection afforded by
    national law. Member States may extend these obligations to
    cover disputes involving other end-users.’;
    NE82/733L
    Official Journ al of the E uropean Un ion L 337/29
    25) Article 35 shall be replaced by the following:
    ‘Article 35
    Adaptation of annexes
    Measures designed to amend non-essential elements of this
    Directive and necessary to adapt Annexes I, II, III, and VI to
    technological developments or changes in market demand
    shall be adopted by the Commission in accordance with the
    regulatory procedure with scrutiny referred to in
    Article 37(2).’;
    26) Article 36(2) shall be replaced by the following:
    ‘2. National regulatory authorities shall notify to the Com
    mission the universal service obligations imposed upon
    undertakings designated as having universal service obliga
    tions. Any changes affecting these obligations or of the
    undertakings affected under the provisions of this Directive
    shall be notified to the Commission without delay.’;
    27) Article 37 shall be replaced by the following:
    ‘Article 37
    Committee procedure
  49. The Commission shall be assisted by the Communica
    tions Committee set up under Article 22 of Directive
    2002/21/EC (Framework Directive).
  50. Where reference is made to this paragraph, Article 5a(1)
    to (4) and Article 7 of Decision 1999/468/EC shall apply,
    having regard to the provisions of Article 8 thereof.’;
    28) Annexes I, II, III shall be replaced by the text appearing in
    Annex I to this Directive, and Annex VI shall be replaced by
    the text appearing in Annex II to this Directive;
    29) Annex VII shall be deleted.
    Article 2
    Amendments to Directive 2002/58/EC (Directive on
    privacy and electronic communications)
    Directive 2002/58/EC (Directive on privacy and electronic com
    munications) is hereby amended as follows:
    1) Article 1(1) shall be replaced by the following:
    ‘1. This Directive provides for the harmonisation of the
    national provisions required to ensure an equivalent level of
    protection of fundamental rights and freedoms, and in par
    ticular the right to privacy and confidentiality, with respect to
    the processing of personal data in the electronic communi
    cation sector and to ensure the free movement of such data
    and of electronic communication equipment and services in
    the Community.’;
    2) Article 2 shall be amended as follows:
    (a) point (c) shall be replaced by the following:
    ‘(c) “location data” means any data processed in an elec
    tronic communications network or by an electronic
    communications service, indicating the geographic
    position of the terminal equipment of a user of a
    publicly available electronic communications
    service;’;
    (b) point (e) shall be deleted;
    (c) the following point shall be added:
    ‘(h) “personal data breach” means a breach of security
    leading to the accidental or unlawful destruction,
    loss, alteration, unauthorised disclosure of, or access
    to, personal data transmitted, stored or otherwise
    processed in connection with the provision of a
    publicly available electronic communications ser
    vice in the Community.’;
    3) Article 3 shall be replaced by the following:
    ‘Article 3
    Services concerned
    This Directive shall apply to the processing of personal data
    in connection with the provision of publicly available elec
    tronic communications services in public communications
    networks in the Community, including public communica
    tions networks supporting data collection and identification
    devices.’;
    4) Article 4 shall be amended as follows:
    (a) the title shall be replaced by the following:
    ‘Security of processing’;
    (b) the following paragraph shall be inserted:
    ‘1a. Without prejudice to Directive 95/46/EC, the
    measures referred to in paragraph 1 shall at least:
    — ensure that personal data can be accessed only by
    authorised personnel for legally authorised
    purposes,
    — protect personal data stored or transmitted against
    accidental or unlawful destruction, accidental loss
    or alteration, and unauthorised or unlawful storage,
    processing, access or disclosure, and,
    NE9002.21.81
    Official Journ al of the E uropean Un ion 18.12.2009
    — ensure the implementation of a security policy with
    respect to the processing of personal data,
    Relevant national authorities shall be able to audit the
    measures taken by providers of publicly available elec
    tronic communication services and to issue recommen
    dations about best practices concerning the level of
    security which those measures should achieve.’;
    (c) the following paragraphs shall be added:
    ‘3. In the case of a personal data breach, the provider
    of publicly available electronic communications services
    shall, without undue delay, notify the personal data
    breach to the competent national authority.
    When the personal data breach is likely to adversely
    affect the personal data or privacy of a subscriber or
    individual, the provider shall also notify the subscriber
    or individual of the breach without undue delay.
    Notification of a personal data breach to a subscriber or
    individual concerned shall not be required if the provider
    has demonstrated to the satisfaction of the competent
    authority that it has implemented appropriate techno
    logical protection measures, and that those measures
    were applied to the data concerned by the security
    breach. Such technological protection measures shall
    render the data unintelligible to any person who is not
    authorised to access it.
    Without prejudice to the provider’s obligation to notify
    subscribers and individuals concerned, if the provider
    has not already notified the subscriber or individual of
    the personal data breach, the competent national author
    ity, having considered the likely adverse effects of the
    breach, may require it to do so.
    The notification to the subscriber or individual shall at
    least describe the nature of the personal data breach and
    the contact points where more information can be
    obtained, and shall recommend measures to mitigate the
    possible adverse effects of the personal data breach. The
    notification to the competent national authority shall, in
    addition, describe the consequences of, and the measures
    proposed or taken by the provider to address, the per
    sonal data breach.
  51. Subject to any technical implementing measures
    adopted under paragraph 5, the competent national
    authorities may adopt guidelines and, where necessary,
    issue instructions concerning the circumstances in which
    providers are required to notify personal data breaches,
    the format of such notification and the manner in which
    the notification is to be made. They shall also be able to
    audit whether providers have complied with their noti
    fication obligations under this paragraph, and shall
    impose appropriate sanctions in the event of a failure to
    do so.
    Providers shall maintain an inventory of personal data
    breaches comprising the facts surrounding the breach,
    its effects and the remedial action taken which shall be
    sufficient to enable the competent national authorities to
    verify compliance with the provisions of paragraph 3.
    The inventory shall only include the information neces
    sary for this purpose.
  52. In order to ensure consistency in implementation
    of the measures referred to in paragraphs 2, 3 and 4, the
    Commission may, following consultation with the Euro
    pean Network and Information Security Agency
    (ENISA), the Working Party on the Protection of Indi
    viduals with regard to the Processing of Personal Data
    established by Article 29 of Directive 95/46/EC and the
    European Data Protection Supervisor, adopt technical
    implementing measures concerning the circumstances,
    format and procedures applicable to the information
    and notification requirements referred to in this Article.
    When adopting such measures, the Commission shall
    involve all relevant stakeholders particularly in order to
    be informed of the best available technical and economic
    means of implementation of this Article.
    Those measures, designed to amend non-essential ele
    ments of this Directive by supplementing it, shall be
    adopted in accordance with the regulatory procedure
    with scrutiny referred to in Article 14a(2).’;
    5) Article 5(3) shall be replaced by the following:
    ‘3. Member States shall ensure that the storing of infor
    mation, or the gaining of access to information already
    stored, in the terminal equipment of a subscriber or user is
    only allowed on condition that the subscriber or user con
    cerned has given his or her consent, having been provided
    with clear and comprehensive information, in accordance
    with Directive 95/46/EC, inter alia, about the purposes of the
    processing. This shall not prevent any technical storage or
    access for the sole purpose of carrying out the transmission
    of a communication over an electronic communications net
    work, or as strictly necessary in order for the provider of an
    information society service explicitly requested by the sub
    scriber or user to provide the service.’;
    6) Article 6(3) shall be replaced by the following:
    ‘3. For the purpose of marketing electronic communica
    tions services or for the provision of value added services, the
    provider of a publicly available electronic communications
    service may process the data referred to in paragraph 1 to the
    extent and for the duration necessary for such services or
    NE03/733L
    Official Journ al of the E uropean Un ion L 337/31
    marketing, if the subscriber or user to whom the data relate
    has given his or her prior consent. Users or subscribers shall
    be given the possibility to withdraw their consent for the pro
    cessing of traffic data at any time.’;
    7) Article 13 shall be replaced by the following:
    ‘Article 13
    Unsolicited communications
  53. The use of automated calling and communication sys
    tems without human intervention (automatic calling
    machines), facsimile machines (fax) or electronic mail for the
    purposes of direct marketing may be allowed only in respect
    of subscribers or users who have given their prior consent.
  54. Notwithstanding paragraph 1, where a natural or legal
    person obtains from its customers their electronic contact
    details for electronic mail, in the context of the sale of a prod
    uct or a service, in accordance with Directive 95/46/EC, the
    same natural or legal person may use these electronic con
    tact details for direct marketing of its own similar products
    or services provided that customers clearly and distinctly are
    given the opportunity to object, free of charge and in an easy
    manner, to such use of electronic contact details at the time
    of their collection and on the occasion of each message in
    case the customer has not initially refused such use.
  55. Member States shall take appropriate measures to
    ensure that unsolicited communications for the purposes of
    direct marketing, in cases other than those referred to in
    paragraphs 1 and 2, are not allowed either without the con
    sent of the subscribers or users concerned or in respect of
    subscribers or users who do not wish to receive these com
    munications, the choice between these options to be deter
    mined by national legislation, taking into account that both
    options must be free of charge for the subscriber or user.
  56. In any event, the practice of sending electronic mail for
    the purposes of direct marketing which disguise or conceal
    the identity of the sender on whose behalf the communica
    tion is made, which contravene Article 6 of Directive
    2000/31/EC, which do not have a valid address to which the
    recipient may send a request that such communications cease
    or which encourage recipients to visit websites that contra
    vene that Article shall be prohibited.
  57. Paragraphs 1 and 3 shall apply to subscribers who are
    natural persons. Member States shall also ensure, in the
    framework of Community law and applicable national legis
    lation, that the legitimate interests of subscribers other than
    natural persons with regard to unsolicited communications
    are sufficiently protected.
  58. Without prejudice to any administrative remedy for
    which provision may be made, inter alia, under
    Article 15a(2), Member States shall ensure that any natural or
    legal person adversely affected by infringements of national
    provisions adopted pursuant to this Article and therefore
    having a legitimate interest in the cessation or prohibition of
    such infringements, including an electronic communications
    service provider protecting its legitimate business interests,
    may bring legal proceedings in respect of such infringements.
    Member States may also lay down specific rules on penalties
    applicable to providers of electronic communications ser
    vices which by their negligence contribute to infringements
    of national provisions adopted pursuant to this Article.’;
    8) the following Article shall be inserted:
    ‘Article 14a
    Committee procedure
  59. The Commission shall be assisted by the Communica
    tions Committee established by Article 22 of Directive
    2002/21/EC (Framework Directive).
  60. Where reference is made to this paragraph, Article 5a(1)
    to (4) and Article 7 of Decision 1999/468/EC shall apply,
    having regard to the provisions of Article 8 thereof.
  61. Where reference is made to this paragraph,
    Article 5a(1), (2), (4) and (6) and Article 7 of Decision
    1999/468/EC shall apply, having regard to the provisions of
    Article 8 thereof.’;
    9) in Article 15, the following paragraph shall be inserted:
    ‘1b. Providers shall establish internal procedures for
    responding to requests for access to users’ personal data
    based on national provisions adopted pursuant to para
    graph 1. They shall provide the competent national author
    ity, on demand, with information about those procedures,
    the number of requests received, the legal justification
    invoked and their response.’;
    10) the following Article shall be inserted:
    ‘Article 15a
    Implementation and enforcement
  62. Member States shall lay down the rules on penalties,
    including criminal sanctions where appropriate, applicable to
    infringements of the national provisions adopted pursuant to
    this Directive and shall take all measures necessary to ensure
    that they are implemented. The penalties provided for must
    be effective, proportionate and dissuasive and may be applied
    to cover the period of any breach, even where the breach has
    subsequently been rectified. The Member States shall notify
    those provisions to the Commission by 25 May 2011, and
    shall notify it without delay of any subsequent amendment
    affecting them.
    NE9002.21.81
    L 337/32 EN Official Journ al of the E uropean Un ion 18.12.2009
  63. Without prejudice to any judicial remedy which might
    be available, Member States shall ensure that the competent
    national authority and, where relevant, other national bodies
    have the power to order the cessation of the infringements
    referred to in paragraph 1.
  64. Member States shall ensure that the competent national
    authority and, where relevant, other national bodies have the
    necessary investigative powers and resources, including the
    power to obtain any relevant information they might need to
    monitor and enforce national provisions adopted pursuant to
    this Directive.
  65. The relevant national regulatory authorities may adopt
    measures to ensure effective cross-border cooperation in the
    enforcement of the national laws adopted pursuant to this
    Directive and to create harmonised conditions for the provi
    sion of services involving cross-border data flows.
    The national regulatory authorities shall provide the Com
    mission, in good time before adopting any such measures,
    with a summary of the grounds for action, the envisaged
    measures and the proposed course of action. The Commis
    sion may, having examined such information and consulted
    ENISA and the Working Party on the Protection of Individu
    als with regard to the Processing of Personal Data established
    by Article 29 of Directive 95/46/EC, make comments or rec
    ommendations thereupon, in particular to ensure that the
    envisaged measures do not adversely affect the functioning of
    the internal market. National regulatory authorities shall take
    the utmost account of the Commission’s comments or rec
    ommendations when deciding on the measures.’.
    Article 3
    Amendment to Regulation (EC) No 2006/2004
    In the Annex to Regulation (EC) No 2006/2004 (the Regulation
    on consumer protection cooperation), the following point shall
    be added:
    ‘17. Directive 2002/58/EC of the European Parliament and of the
    Council of 12 July 2002 concerning the processing of per
    sonal data and the protection of privacy in the electronic
    communications sector (Directive on privacy and electronic
    communications): Article 13 (OJ L 201, 31.7.2002, p. 37).’.
    Article 4
    Transposition
  66. Member States shall adopt and publish by 25 May 2011 the
    laws, regulations and administrative provisions necessary to com
    ply with this Directive. They shall forthwith communicate to the
    Commission the text of those measures.
    When Member States adopt those measures, they shall contain a
    reference to this Directive or be accompanied by such a reference
    on the occasion of their official publication. The methods of mak
    ing such reference shall be laid down by the Member States.
  67. Member States shall communicate to the Commission the
    text of the main provisions of national law which they adopt in
    the field covered by this Directive.
    Article 5
    Entry into force
    This Directive shall enter into force on the day following its pub
    lication in the Official Journal of the European Union.
    Article 6
    Addressees
    This Directive is addressed to the Member States.
    Done at Strasbourg, 25 November 2009.
    For the European Parliament
    The President
    J. BUZEK
    For the Council
    The President
    Å. TORSTENSSON
    Official Journ al of the E uropean Un ion L 337/33
    ANNEX I
    ‘ANNEX I
    DESCRIPTION OF FACILITIES AND SERVICES REFERRED TO IN ARTICLE 10 (CONTROL OF
    EXPENDITURE), ARTICLE 29 (ADDITIONAL FACILITIES) AND ARTICLE 30 (FACILITATING CHANGE
    OF PROVIDER)
    Part A: Facilities and services referred to in Article 10
    (a) Itemised billing
    Member States are to ensure that national regulatory authorities, subject to the requirements of relevant legislation on
    the protection of personal data and privacy, may lay down the basic level of itemised bills which are to be provided by
    undertakings to subscribers free of charge in order that they can:
    (i) allow verification and control of the charges incurred in using the public communications network at a fixed loca
    tion and/or related publicly available telephone services; and
    (ii) adequately monitor their usage and expenditure and thereby exercise a reasonable degree of control over their bills.
    Where appropriate, additional levels of detail may be offered to subscribers at reasonable tariffs or at no charge.
    Calls which are free of charge to the calling subscriber, including calls to helplines, are not to be identified in the calling
    subscriber’s itemised bill.
    (b) Selective barring for outgoing calls or premium SMS or MMS, or, where technically feasible, other kinds of similar applications,
    free of charge
    i.e. the facility whereby the subscriber can, on request to the designated undertaking that provides telephone services,
    bar outgoing calls or premium SMS or MMS or other kinds of similar applications of defined types or to defined types
    of numbers free of charge.
    (c) Pre-payment systems
    Member States are to ensure that national regulatory authorities may require designated undertakings to provide means
    for consumers to pay for access to the public communications network and use of publicly available telephone services
    on pre-paid terms.
    (d) Phased payment of connection fees
    Member States are to ensure that national regulatory authorities may require designated undertakings to allow con
    sumers to pay for connection to the public communications network on the basis of payments phased over time.
    (e) Non-payment of bills
    Member States are to authorise specified measures, which are to be proportionate, non-discriminatory and published,
    to cover non-payment of telephone bills issued by undertakings. These measures are to ensure that due warning of any
    consequent service interruption or disconnection is given to the subscriber beforehand. Except in cases of fraud, per
    sistent late payment or non-payment, these measures are to ensure, as far as is technically feasible that any service inter
    ruption is confined to the service concerned. Disconnection for non-payment of bills should take place only after due
    warning is given to the subscriber. Member States may allow a period of limited service prior to complete disconnec
    tion, during which only calls that do not incur a charge to the subscriber (e.g. ‘112’ calls) are permitted.
    NE9002.21.81
    (f) Tariff advice
    i.e. the facility whereby subscribers may request the undertaking to provide information regarding alternative lower-
    cost tariffs, if available.
    (g) Cost control
    i.e. the facility whereby undertakings offer other means, if determined to be appropriate by national regulatory authori
    ties, to control the costs of publicly available telephone services, including free-of-charge alerts to consumers in case of
    abnormal or excessive consumption patterns.
    Part Facilities referred to in Article 29
    (a) Tone dialling or DTMF (dual-tone multi-frequency operation)
    i.e. the public communications network and/or publicly available telephone services supports the use of DTMF tones as
    defined in ETSI ETR 207 for end-to-end signalling throughout the network both within a Member State and between
    Member States.
    (b) Calling-line identification
    i.e. the calling party’s number is presented to the called party prior to the call being established.
    This facility should be provided in accordance with relevant legislation on protection of personal data and privacy, in
    particular Directive 2002/58/EC (Directive on privacy and electronic communications).
    To the extent technically feasible, operators should provide data and signals to facilitate the offering of calling-line iden
    tity and tone dialling across Member State boundaries.
    Part Implementation of the number portability provisions referred to in Article 30
    The requirement that all subscribers with numbers from the national numbering plan, who so request can retain their num
    ber(s) independently of the undertaking providing the service shall apply:
    (a) in the case of geographic numbers, at a specific location; and
    (b) in the case of non-geographic numbers, at any location.
    This Part does not apply to the porting of numbers between networks providing services at a fixed location and mobile
    networks.
    ANNEX II
    INFORMATION TO BE PUBLISHED IN ACCORDANCE WITH ARTICLE 21
    (TRANSPARENCY AND PUBLICATION OF INFORMATION)
    The national regulatory authority has a responsibility to ensure that the information in this Annex is published, in accor
    dance with Article 21. It is for the national regulatory authority to decide which information is to be published by the under
    takings providing public communications networks and/or publicly available telephone services and which information is
    to be published by the national regulatory authority itself, so as to ensure that consumers are able to make informed choices.
  68. Name(s) and address(es) of undertaking(s)
    i.e. names and head office addresses of undertakings providing public communications networks and/or publicly avail
    able telephone services.
  69. Description of services offered
    2.1. Scope of services offered
    9002.21.81noinUnaeporuEehtfolanruoJlaiciffONE43/733L
    :C
    :B
    18.12.2009 EN Official Journ al of the E uropean Un ion L 337/35
    2.2. Standard tariffs indicating the services provided and the content of each tariff element (e.g. charges for access, all types
    of usage charges, maintenance charges), and including details of standard discounts applied and special and targeted
    tariff schemes and any additional charges, as well as costs with respect to terminal equipment.
    2.3. Compensation/refund policy, including specific details of any compensation/refund schemes offered.
    2.4. Types of maintenance service offered.
    2.5. Standard contract conditions, including any minimum contractual period, termination of the contract and procedures
    and direct charges related to the portability of numbers and other identifiers, if relevant.
  70. Dispute settlement mechanisms, including those developed by the undertaking.
  71. Information about rights as regards universal service, including, where appropriate, the facilities and services men
    tioned in Annex I.
    ANNEX III
    QUALITY OF SERVICE PARAMETERS
    Quality-of-Service Parameters, Definitions and Measurement Methods referred to in Articles 11 and 22
    For undertakings providing access to a public communications network
    PARAMETER
    (Note 1) DEFINITION MEASUREMENT METHOD
    Supply time for initial connection ETSI EG 202 057 ETSI EG 202 057
    Fault rate per access line ETSI EG 202 057 ETSI EG 202 057
    Fault repair time ETSI EG 202 057 ETSI EG 202 057
    For undertakings providing a publicly available telephone service
    Call set up time
    (Note 2)
    ETSI EG 202 057 ETSI EG 202 057
    Response times for directory enquiry
    services
    ETSI EG 202 057 ETSI EG 202 057
    Proportion of coin and card operated
    public pay-telephones in working
    order
    ETSI EG 202 057 ETSI EG 202 057
    Bill correctness complaints ETSI EG 202 057 ETSI EG 202 057
    Unsuccessful call ratio
    (Note 2)
    ETSI EG 202 057 ETSI EG 202 057
    Version number of ETSI EG 202 057-1 is 1.3.1 (July 2008)
    Note 1
    Parameters should allow for performance to be analysed at a regional level (i.e. no less than level 2 in the Nomenclature of
    Territorial Units for Statistics (NUTS) established by Eurostat).
    Note 2
    Member States may decide not to require up-to-date information concerning the performance for these two parameters to
    be kept if evidence is available to show that performance in these two areas is satisfactory.’
    L 337/36 EN Official Journ al of the E uropean Un ion 18.12.2009
    ANNEX II
    ‘ANNEX VI
    INTEROPERABILITY OF DIGITAL CONSUMER EQUIPMENT REFERRED TO IN ARTICLE 24
  72. Common scrambling algorithm and free-to-air reception
    All consumer equipment intended for the reception of conventional digital television signals (i.e. broadcasting via ter
    restrial, cable or satellite transmission which is primarily intended for fixed reception, such as DVB-T, DVB-C or DVB-S),
    for sale or rent or otherwise made available in the Community, capable of descrambling digital television signals, is to
    possess the capability to:
    — allow the descrambling of such signals according to a common European scrambling algorithm as administered by
    a recognised European standards organisation, currently ETSI,
    — display signals that have been transmitted in the clear provided that, in the event that such equipment is rented, the
    renter is in compliance with the relevant rental agreement.
  73. Interoperability for analogue and digital television sets
    Any analogue television set with an integral screen of visible diagonal greater than 42 cm which is put on the market for
    sale or rent in the Community is to be fitted with at least one open interface socket, as standardised by a recognised
    European standards organisation, e.g. as given in the Cenelec EN 50 049-1:1997 standard, permitting simple connec
    tion of peripherals, especially additional decoders and digital receivers.
    Any digital television set with an integral screen of visible diagonal greater than 30 cm which is put on the market for
    sale or rent in the Community is to be fitted with at least one open interface socket (either standardised by, or conform
    ing to a standard adopted by, a recognised European standards organisation, or conforming to an industry-wide speci
    fication) e.g. the DVB common interface connector, permitting simple connection of peripherals, and able to pass all the
    elements of a digital television signal, including information relating to interactive and conditionally accessed services.’

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Suggested text: Visitor comments may be checked through an automated spam detection service.

Get in Touch for Expert Website Design

Need a professional website tailored to your needs? Reach out to us for expert design services and let us help bring your vision to life. Our team is ready to assist you with all your website creation needs.