Protecting Information Privacy on the Internet: Legal Framework in the EU

In the old ages, spies could enter one’s residence, organizations or companies and collect valuable data information such as personal sensitive data, trade secrets or transaction records. Nowadays, the open architecture of the Internet has generated an environment in which it is much easier, quicker and wider to collect data than it used to be as a variety of sensitive information can be captured on the Internet without personal presence in the location where the data is situated. Privacy rights become more vulnerable to attack. This paper will discuss the current legal framework of ePrivacy protection in the European Union (EU), examine and evaluate practical obstacles and propose possible solutions to establish trust in private management. 1. Background of ePrivacy Protection Privacy, as a fundamental human right, has been protected under basic laws in different countries or conventions at the international level since 1950s. From a boom of electronic commercial transactions in 2000, data protection stemming from International computer network has been challenged due to technical and legislative obstacles. Data protection constraints on the Internet are preventing them from fully protecting online users’ privacy rights. In B2C transactions, an online retailer might have a database of information about its customers’ personal details and their history of transactions. In B2B transactions, an international trading company might have its business partners’ bank details and business strategies in their computer servers. So what will happen if a third party steals the information or if the database owner sells the information to the third party? In order to build the web users’ trust and confidence, online trading or service companies, have posted selfregulations on the webpage. However, it is doubted that how many users have actually read the privacy statement in small print or via a clicked link before using the service or placing the order. It is also suspected whether companies do keep their promises and comply with the self-regulated privacy policies. If not, what are the remedies? In response to the necessity of e-privacy legislation, countries have made efforts to regulate the rules of eprivacy in order to facilitate economic growth, cooperation, trade and investment. This paper will discuss the current legal framework of ePrivacy protection in the European Union (EU), examine and evaluate practical obstacles and propose possible solution to establish trust in private management. 2. ePrivacy Legal Framework of the European Union 2.1 Current development Data protection is to protect the rights of the data ownership and balance the benefits between the protection of the data ownership and the permission of data freeflow, whilst privacy protection is to protect fundamental human rights. In the EU, according to Article 1 of the EC Directive on Data Protection (1995), the EC Directive on Data Protection is not only to protect personal data but also individual privacy rights. The EC ePrivacy supplements the EC Directive on Data Protection. It reflects on Recital 6, 12 and Article 1 of the EC ePrivacy Directive. For example, Recital 6 of the EC ePrivacy Directive states that “the Internet is overturning traditional market structures by providing a common, global infrastructure for the delivery of a wide range of electronic communications services. Publicly available electronic communications services over the Internet open new possibilities for users but also new risks for their personal data and privacy”. Recital 12 further clarifies that it is aimed at protecting the fundamental rights of natural persons and particularly their right to privacy, as well as the legitimate interests of legal persons”. It also “harmonises the provisions of the Member States required to ensure an equivalent level of protection of fundamental rights and freedoms, and in particular the right to privacy, with respect to the processing of personal data in the electronic communication sector and to ensure the free movement of such data and of electronic communication equipment and services in the Community as stated in Article 1(1) of the EC ePrivacy Directive.