EU-28: Adopted ePrivacy Directive 2002/58/EC containing data governance measures

The Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector is adopted by the EU Parliament and the Council of the EU. The Directive establishes rules to ensure security in the processing of personal data (restricting access to personal data, protecting them from being destroyed and ensuring the implementation of a security policy), the notification of personal data breaches (that must be provided within 24 hours to national authorities), and the confidentiality of communications (prohibiting any type of surveillance without users' consent). Moreover, obtaining the users' consent is mandatory to send unsolicited communications (spam), store information through the use of cookies and insert telephone numbers, e-mail addresses or postal addresses in public directories.