A Telecoms Package  amendment on the processing of traffic data could lead to large-scale deployment of filtering technology, according to a body which advises the European Union on privacy matters, known as the Article 29 Working Party.

The Article 29 Working Party  issued an opinion on the proposals to amend the e-Privacy directive. In the document, it warns  that  the  amendment on the processing of traffic data for security purposes (ePrivacy directive, Article 6.7 in the Council's Common position and Amendment 181 in the European Parliament text) could "lend  legitimacy to large-scale deployment of  deep packet inspection." Deep packet inspection is the technology that facilities filtering, as well as "traffic management" by network operators.

And it reiterates the opinion of the European Data Protection Supervisor (EDPS) that the amendment is unnecessary. The legal basis for network operators to process traffic data is found in a


combination of ARticle 6 of the ePrivacy directive together with Articles 7 and 17 of the Data Protection directive. Therefore it calls for the amendment to be deleted.

 

The Article 29 Working Party further notes that the Commission's amended version of Recital 26 (Amendment  180 in the European Parliament text) makes it very clear that the processing of traffic data falls within the scope of the data protection law, and that network operators would have to notify the relevant data protection authorities of what they are doing in this respect. It also reminds us that the retention of traffic data is governed by the Data Retention directive.

Here is the full text of the Article 29 Working Party's statement in relation to traffic data processing and deep packet inspection:
"The Working Party is aware that "providers of security services" deploy security solutions (such as anti-virus and anti-spam software, firewalls, or intrusion detection systems) that may
require the processing of traffic data for the purpose of securing personal data of the users and protecting the service itself. Nevertheless, it is concerned that the current wording might lend
legitimacy to large scale deployment of deep packet inspection, both in the network and in user equipment such as ADSL boxes, while the current legal framework already details the
cases in which traffic data may be processed for security purposes."

 

 

Here is the Article 29 Working Party opinion on the ePrivacy directive