The Privacy and Electronic Communications (EC Directive) Regulations 2003

Jurisdiction: UK Non-devolved
Citation: SI 2003/2426
Year: 2003
  • These Regulations may be cited as the Privacy and Electronic Communications (EC Directive) Regulations 2003 and shall come into force on 11th December 2003.
  • (1) In these Regulations—
    (2) Expressions used in these Regulations that are not defined in paragraph (1) and are defined in the Data Protection Act 1998 shall have the same meaning as in that Act.
    (3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    (4) Any reference in these Regulations to a line shall, without prejudice to paragraph (3), be construed as including a reference to anything that performs the function of a line, and “connected”, in relation to a line, is to be construed accordingly.
  • The Telecommunications (Data Protection and Privacy) Regulations 1999
  • (1) Nothing in these Regulations shall relieve a person of his obligations under the data protection legislation in relation to the processing of personal data.
    (2) In this regulation—
    • “the data protection legislation” has the same meaning as in the Data Protection Act 2018 (see section 3 of that Act);
    • “personal data” and “processing” have the same meaning as in Parts 5 to 7 of that Act (see section 3(2), (4) and (14) of that Act).
    (3) Regulation 2(2) and (3) (meaning of certain expressions) do not apply for the purposes of this regulation.
  • (1) Subject to paragraph (2), a provider of a public electronic communications service (“the service provider”) shall take appropriate technical and organisational measures to safeguard the security of that service.
    • ensure that personal data can be accessed only by authorised personnel for legally authorised purposes;
    • protect personal data stored or transmitted against accidental or unlawful destruction, accidental loss or alteration, and unauthorised or unlawful storage, processing, access or disclosure; and
    • ensure the implementation of a security policy with respect to the processing of personal data.
    (2) If necessary, the measures required by paragraph (1) may be taken by the service provider in conjunction with the provider of the electronic communications network by means of which the service is provided, and that network provider shall comply with any reasonable requests made by the service provider for these purposes.
    • the nature of that risk;
    • any appropriate measures that the subscriber may take to safeguard against that risk; and
    • the likely costs to the subscriber involved in the taking of such measures.
    • the state of technological developments, and
    • the cost of implementing it,
    (5) Information provided for the purposes of paragraph (3) shall be provided to the subscriber free of any charge other than the cost to the subscriber of receiving or collecting the information.
    (6) The Information Commissioner may audit the measures taken by a provider of a public electronic communications service to safeguard the security of that service.
  • (1) In this regulation and in regulations 5B and 5C, “service provider” has the meaning given in regulation 5(1).
    (2) If a personal data breach occurs, the service provider shall, without undue delay, notify that breach to the Information Commissioner.
    (3) Subject to paragraph (6), if a personal data breach is likely to
