Looking for help with the Online Safety Act - Ofcom consultations? Please get in touch. 

A Telecoms Package  amendment on the processing of traffic data could lead to large-scale deployment of filtering technology, according to a body which advises the European Union on privacy matters, known as the Article 29 Working Party.

The Article 29 Working Party  issued an opinion on the proposals to amend the e-Privacy directive. In the document, it warns  that  the  amendment on the processing of traffic data for security purposes (ePrivacy directive, Article 6.7 in the Council's Common position and Amendment 181 in the European Parliament text) could "lend  legitimacy to large-scale deployment of  deep packet inspection." Deep packet inspection is the technology that facilities filtering, as well as "traffic management" by network operators.

And it reiterates the opinion of the European Data Protection Supervisor (EDPS) that the amendment is unnecessary. The legal basis for network operators to process traffic data is found in a

combination of ARticle 6 of the ePrivacy directive together with Articles 7 and 17 of the Data Protection directive. Therefore it calls for the amendment to be deleted.


The Article 29 Working Party further notes that the Commission's amended version of Recital 26 (Amendment  180 in the European Parliament text) makes it very clear that the processing of traffic data falls within the scope of the data protection law, and that network operators would have to notify the relevant data protection authorities of what they are doing in this respect. It also reminds us that the retention of traffic data is governed by the Data Retention directive.

Here is the full text of the Article 29 Working Party's statement in relation to traffic data processing and deep packet inspection:
"The Working Party is aware that "providers of security services" deploy security solutions (such as anti-virus and anti-spam software, firewalls, or intrusion detection systems) that may
require the processing of traffic data for the purpose of securing personal data of the users and protecting the service itself. Nevertheless, it is concerned that the current wording might lend
legitimacy to large scale deployment of deep packet inspection, both in the network and in user equipment such as ADSL boxes, while the current legal framework already details the
cases in which traffic data may be processed for security purposes."



Here is the Article 29 Working Party opinion on the ePrivacy directive 


Iptegrity moves on!

May 2024: Iptegrity is being re-developed to upgrade the Joomla software.

Please bear with us until the new site is ready.

Find me on LinkedIn

About Iptegrity

Iptegrity.com is the website of Dr Monica Horten. I am an  independent policy advisor: online safety, technology and human rights. In April 2024, I was appointed as an independent expert on the Council of Europe Committee of Experts on online safety and empowerment of content creators and users. I am a published author, and post-doctoral scholar. I hold a PhD from the University of Westminster, and a DipM from the Chartered Institute of Marketing. I cover the UK and EU. I'm a former tech journalist, and an experienced panelist and Chair. My media credits include the BBC, iNews, Times, Guardian and Politico.

Iptegrity.com is made available free of charge for non-commercial use. Please link back and attribute Dr Monica Horten.  Contact me to use any of my content for commercial purposes.