The UK Department for Business Innovation and Skills (BIS) has launched a consultation on its proposals for implementing the revised EU Electronic Communications Framework.


In 2002, EU Member States reached agreement on a regulatory Framework for electronic communication networks and services, which would apply to all Member States. The Framework was amended subsequently in November 2009, following two years of negotiations.

The revised Framework seeks to enhance competition in the communications sector. The regulatory powers of Member States, national regulators, and the Commission itself are being extended, particularly with regard to consumer protection, eprivacy, and security. The Commission has also been granted new powers of scrutiny over regulators’ decisions on how they regulate their national markets; in addition to new powers to issue harmonising recommendations and, in some cases, binding decisions.

The enforcement powers of national regulatory authorities (NRAs) are also to be enhanced. In addition, the Framework strengthens consumer rights, through new provisions intended to ensure that consumers are better informed about supply conditions and tariffs and allow them to switch providers more easily.

The amendments to the E-Privacy Directive (2002/58/EC) include

  • Changing the requirement for storing and accessing cookies on a user’s computer from a “right to refuse” to obtaining informed consent, although consent is not required when the cookie is “strictly necessary” to deliver a service that has been requested explicitly by the user. 
  • The introduction of a duty on providers of electronic communications services to notify personal data breaches to the relevant NRA, the Information Commissioner’s Office (ICO) in the United Kingdom, and in certain circumstances to notify the data subject. 
  • A requirement to have an effective and dissuasive enforcement and penalties regime, including criminal penalties where appropriate, for breaches of the Directive.


The BIS acknowledges the efforts of industry to educate consumers about cookies and encouragingly states that it supports efforts towards self-regulation. However, the copy out approach to implementation, an approach adopted for the whole Directive, takes us little farther forward and all eyes remain fixed on the ICO and any guidance it may issue.