Reporting data breaches - public consultation by the EU Commission

Back to News

The European Commission has launched a public consultation on the procedures and formats for personal data breach notifications under the ePrivacy Directive. (2002/58/EC). This is an important development to increase the level of data security for citizens in Europe. The Agency’s role has been to develop guidelines for the technical implementation measures.

Public consultation

The European Commission has launched a public consultation on the circumstances, procedures and formats for personal data breach notifications under the ePrivacy Directive. The introduction of a European Data Breach Notification requirement for the electronic communication sector, for example Internet Service Providers was introduced in the review of the ePrivacy Directive (2002/58/EC), ‘Article 4’.

Higher data security for citizens

This is an important development to increase the level of data security for citizens in Europe. Citizens will now be better assured of how their personal data is being secured and protected by electronic communication sector operators. Such assurances are crucial for trust in the digital economy. At the same time, the Internet Service Providers are now invited to give their input as to ensure that the measures are suitable and adequate at practical, implementation levels.


The consultation is open to all interested stakeholders and contributions are welcome until 9 September 2011.

Agency role

The Agency’s role has been to develop guidelines for the technical implementation measures. Furthermore, if the Commission proposes technical implementing measures, it will have to consult the European Network and Information Security Agency (ENISA), the Article 29 Data Protection Working Party and the European Data Protection Supervisor (EDPS), as well as communications regulators in the Member States.


 EU Commission Press release

Consultation document

Earlier references to ENISA work on Data Breaches Notification;

Workshop, Jan., 2011

Data Breach Notification Report, Jan., 2011

Seminar, Oct., 2010.