EU seeks public comment on personal data breach notification rules

As part of an effort to strengthen personal data breach notification requirements, the commission is considering “technical implementing measures” under the revised ePrivacy Directive, which took effect on May 25.

Through the public consultation, the commission is asking for input from phone companies, ISPs, data protection authorities, and consumer organizations about existing data breach notification practices and initial experiences implementing the ePrivacy Directive.

This consultation is intended to help the commission to determine whether technical implementing measures are required to harmonize national rules on personal data breach notification.

"The duty to notify data breaches is an important part of the new EU telecoms rules. But we need consistency across the EU so businesses don't have to deal with a complicated range of different national schemes. I want to provide a level playing field, with certainty for consumers and practical solutions for businesses", said Commission Vice-President for the Digital Agenda Neelie Kroes.

The consultation is seeking input on the following issues: how organizations comply, or intend to comply, with the new obligation under the telecom rules; the types of breaches that would trigger the requirement to notify individuals and examples of protection measures that can render data unintelligible; notification deadlines, the means of notification, and the procedure for an individual case; and the contents of the notification to the national authority and to the individual, existing standard formats, and the feasibility of a standard EU format.

Feedback is due to the commission by Sept. 9, 2011.
