On 24 June 2013, the European Commission adopted Regulation 611/2013 on the measures applicable to personal data breach notifications as provided for in Directive 2002/58, also known as the ePrivacy Directive. The Regulation, which came into force on 25 August, clarifies the obligations imposed on electronic communication service providers (the only entities subject to this regime, for the time being) by imposing the obligation to inform the competent data protection authority within 24 hours, to provide specific details on the data affected or by specifying the principles which should be applied to evaluate whether data subjects should be informed of the breach.