Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications).
What is Directive 2002/58 and to whom does it apply?
1. Scope and purpose.
“This Directive harmonises the provisions of the Member States required to ensure an equivalent level of protection of fundamental rights and freedoms, and in particular the right to privacy, with respect to the processing of personal data in the electronic communications sector and to ensure the free movement of such data and of electronic communications equipment and services in the Community.”
“The provisions of this Directive particularise and complement Directive [95/46] for the purposes mentioned in paragraph 1.”
Nevertheless, any given referente to this obsolete Directive is considered to be done to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR)
Article 2 of this Directive provides:
“Unless otherwise provided, the definitions in Directive [95/46] (GDPR) and in Directive 2002/21/EC of the European Parliament and of the Council of 7 March 2002 on a common regulatory framework for electronic communications networks and services (Framework Directive) shall apply for the purposes of this Directive.”
The directive in its wording gives us a fairly precise definition of what is to be considered a user by telling us that any “natural person who uses a publicly available electronic communications service for private or business purposes without necessarily having subscribed to that service” will be consider as a user.