- Latest available (Revised)
- Original (As made)
The Privacy and Electronic Communications (EC Directive) Regulations 2003
You are here:
- UK Statutory Instruments
- 2003 No. 2426
- Schedules only
What Version
Advanced Features
- Show Geographical Extent(e.g. England, Wales, Scotland and Northern Ireland)
- Show Timeline of Changes
More Resources
Changes over time for: The Privacy and Electronic Communications (EC Directive) Regulations 2003 (Schedules only)
Alternative versions:
Changes to legislation:
There are currently no known outstanding effects for the The Privacy and Electronic Communications (EC Directive) Regulations 2003.
Changes to Legislation
Revised legislation carried on this site may not be fully up to date. At the current time any known changes or effects made by subsequent legislation have been applied to the text of the legislation you are viewing by the editorial team. Please see ‘Frequently Asked Questions’ for details regarding the timescales for which new effects are identified and recorded on this site.
Regulation 31
SCHEDULE 1U.K.Modifications for the purposes of these Regulations to Part V [F1and sections 55A to 55E] of the Data Protection Act 1998 and Schedules 6 and 9 to that Act as extended by Regulation 31
Textual Amendments
F1Words in Sch. 1 title inserted (26.5.2011) by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (S.I. 2011/1208), regs. 1(1), 14(a)
[F2Modifications of the Data Protection Act 1998]U.K.
Textual Amendments
F2Sch. 1 para. 1 cross-heading inserted (17.12.2018) by The Privacy and Electronic Communications (Amendment) Regulations 2018 (S.I. 2018/1189), regs. 1, 2(2)
1. In section 40—U.K.
(a)in subsection (1), for the words “data controller” there shall be substituted the word “ person ”, for the words “data protection principles” there shall be substituted the words “ requirements of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (in this Part referred to as “the relevant requirements”) ” and for the words “principle or principles” there shall be substituted the words “ requirement or requirements ”;
(b)in subsection (2), the words “or distress” shall be omitted;
(c)subsections (3), (4), (5), (9) and (10) shall be omitted; and
(d)in subsection (6)(a), for the words “data protection principle or principles” there shall be substituted the words “ relevant requirement or requirements. ”
2. In section 41(1) and (2), for the words “data protection principle or principles”, in both places where they occur, there shall be substituted the words “ relevant requirement or requirements ”.U.K.
[F32A. Sections 41A to 41C shall be omitted.]U.K.
Textual Amendments
F3Sch. 1 para. 2A inserted (26.5.2011) by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (S.I. 2011/1208), regs. 1(1), 14(b)
3. Section 42 shall be omitted.U.K.
4. In section 43—U.K.
(a)for subsections (1) and (2) there shall be substituted the following provisions—
“(1) If the Commissioner reasonably requires any information for the purpose of determining whether a person has complied or is complying with the relevant requirements, he may serve that person with a notice (in this Act referred to as “an information notice”) requiring him, within such time as is specified in the notice, to furnish the Commissioner, in such form as may be so specified, with such information relating to compliance with the relevant requirements as is so specified.
(2) An information notice must contain a statement that the Commissioner regards the specified information as relevant for the purpose of determining whether the person has complied or is complying with the relevant requirements and his reason for regarding it as relevant for that purpose.”
(b)in subsection (6)(a), after the word “under” there shall be inserted the words “ the Privacy and Electronic Communications (EC Directive) Regulations 2003 or ”;
(c)in subsection (6)(b), after the words “arising out of” there shall be inserted the words “ the said Regulations or ”;
[F4(d)in subsection (8), for “under this Act” there shall be substituted “under the Privacy and Electronic Communications (EC Directive) Regulations 2003”;
(e)in subsection (8B), for “under this Act (other than an offence under section 47)” there shall be substituted “under the Privacy and Electronic Communications (EC Directive) Regulations 2003”; and
(f)subsection (10) shall be omitted.]
Textual Amendments
F4Sch. 1 para. 4(d)-(f) substituted for Sch. 1 para. 4(d) and word (26.5.2011) by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (S.I. 2011/1208), regs. 1(1), 14(c)
5. Sections 44, 45 and 46 shall be omitted.U.K.
[F56. In section 47—U.K.
(a)in subsection (1), “special information notice” there shall be substituted “third party information notice”; and
(b)in subsection (2), for “special information notice” there shall be substituted “third party information notice”.]
Textual Amendments
F5Sch. 1 para. 6 substituted (26.5.2011) by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (S.I. 2011/1208), regs. 1(1), 14(d)
7. In section 48—U.K.
(a)in subsections (1) and (3), for the words “an information notice or a special information notice”, in both places where they occur, there shall be substituted the words “ or an information notice ”;
(b)in subsection (3) for the words “43(5) or 44(6)” there shall be substituted the words “ or 43(5) ”; and
(c)subsection (4) shall be omitted.
8. In section 49 subsection (5) shall be omitted.U.K.
[F68A. [F7Except where paragraph 8AA applies, in section 55A—]U.K.
(a)in subsection (1)—
(i)for “data controller” there shall be substituted “person”, and
(ii)for “of section 4(4) by the data controller” there shall be substituted “of the requirements of the Privacy and Electronic Communications (EC Directive) Regulations 2003”;
(b)in subsection (3), for “data controller” there shall be substituted “person”;
(c)subsection (3A) shall be omitted;
(d)in subsection (4), for “data controller” there shall be substituted “person”;
(e)in subsection (9), the definition of “data controller” shall be omitted.
Textual Amendments
F6Sch. 1 paras. 8A, 8B inserted (26.5.2011) by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (S.I. 2011/1208), regs. 1(1), 14(e)
F7Words in Sch. 1 para. 8A substituted (6.4.2015) by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2015 (S.I. 2015/355), regs. 1, 2(3)
[F88AA. In section 55A, when applied to regulations 19 to 24 of these Regulations—U.K.
(a)in subsection (1)—
(i)for “data controller” there shall be substituted “person”;
(ii)in paragraph (a), for “of section 4(4) by the data controller” there shall be substituted “of the requirements of the Privacy and Electronic Communications (EC Directive) Regulations 2003, and”; and
(iii)for paragraphs (b) and (c) there shall be substituted—
“(b)subsection (2) or (3) applies.”;
(b)in subsection (3)—
(i)for “data controller” there shall be substituted “person”; and
(ii)for paragraph (a) substitute—
“(a)knew or ought to have known that there was a risk that the contravention would occur, but”;
(c)subsection (3A) shall be omitted;
[F9(ca)before subsection (4) there shall be inserted the following subsections—
“(3B) If a monetary penalty notice has been served under this section on a body, the Commissioner may also serve a monetary penalty notice on an officer of the body if the Commissioner is satisfied that the contravention in respect of which the monetary penalty notice was served on the body—
(a)took place with the consent or connivance of the officer, or
(b)was attributable to any neglect on the part of the officer.
(3C) In subsection (3B)—
“body” means a body corporate or a Scottish partnership;
“officer” in relation to a body means—
(a)
in relation to a body corporate—
(i)
a director, manager, secretary or other similar officer of the body or any person purporting to act in such capacity, or
(ii)
where the affairs of the body are managed by its members, a member; or
(b)
in relation to a Scottish partnership, a partner or any person purporting to act as a partner.”]
(d)in subsection (4), for “data controller” there shall be substituted “person [F10on whom it is served]”; and
(e)in subsection (9), the definition of “data controller” shall be omitted.]
Textual Amendments
F6Sch. 1 paras. 8A, 8B inserted (26.5.2011) by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (S.I. 2011/1208), regs. 1(1), 14(e)
F8Sch. 1 para. 8AA inserted (6.4.2015) by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2015 (S.I. 2015/355), regs. 1, 2(4)
F9Sch. 1 para. 8AA(ca) inserted (17.12.2018) by The Privacy and Electronic Communications (Amendment) Regulations 2018 (S.I. 2018/1189), regs. 1, 2(3)(a)
F10Words in Sch. 1 para. 8AA(d) inserted (17.12.2018) by The Privacy and Electronic Communications (Amendment) Regulations 2018 (S.I. 2018/1189), regs. 1, 2(3)(b)
8B. In section 55B, for the words “data controller” (in subsections (1), (3) and (4)), there shall be substituted the word “person”.]U.K.
Textual Amendments
F6Sch. 1 paras. 8A, 8B inserted (26.5.2011) by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (S.I. 2011/1208), regs. 1(1), 14(e)
[F118C. In section 55E, for the words “data controller” in subsection (2), there shall be substituted the word “person”.]U.K.
Textual Amendments
F11Sch. 1 para. 8C inserted (6.4.2015) by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2015 (S.I. 2015/355), regs. 1, 2(5)
9. In paragraph 4(1) of [F12Schedule 6], for the words “(2) or (4)” there shall be substituted the words “ or (2) ”.U.K.
Textual Amendments
F12Words in Sch. 1 para. 9 substituted (26.5.2011) by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (S.I. 2011/1208), regs. 1(1), 14(f)
10. In paragraph 1 of Schedule 9—U.K.
(a)for subparagraph (1)(a) there shall be substituted the following provision—
“(a)that a person has contravened or is contravening any of the requirements of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (in this Schedule referred to as “the 2003 Regulations”) or”
[F13(b)in subparagraph (1A) for “data controller” there shall be substituted “person”, and for “requirement imposed by an assessment notice” there shall be substituted “the audit provisions in regulations 5 and 5B of the 2003 Regulations”;
(c)in subparagraph (1B)—
(i)for “data controller” there shall be substituted “person”;
(ii)for “data protection principles” there shall be substituted “the requirements of the 2003 Regulations”;
(iii)for “assessment notice” there shall be substituted “audit notice”; and
(iv)the words “subparagraph (2) and” shall be omitted;
(d)subparagraph (2) shall be omitted;
(e)in subparagraphs (3)(d)(ii) and (3)(f) for the words “data controller” there shall be substituted “person”, and for the words “the data protection principles” there shall be substituted “the requirements of the 2003 Regulations”.]
Textual Amendments
F13Sch. 1 para. 10(b)-(e) substituted for Sch. 1 para. 10(b) and word (26.5.2011) by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (S.I. 2011/1208), regs. 1(1), 14(g)
[F1410A. In paragraph 2(1A) of Schedule 9 for “assessment notice” there shall be substituted “audit notice”.]U.K.
Textual Amendments
F14Sch. 1 para. 10A inserted (26.5.2011) by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (S.I. 2011/1208), regs. 1(1), 14(h)
11. In paragraph 9 of Schedule 9—U.K.
(a)in subparagraph (1)(a) after the words “rights under” there shall be inserted the words “ the 2003 Regulations or ”; and
(b)in subparagraph (1)(b) after the words “arising out of” there shall be inserted the words “ the 2003 Regulations or ”.
[F15Modifications of secondary legislationU.K.
Textual Amendments
F15Sch. 1 paras. 12, 13 and cross-heading inserted (17.12.2018) by The Privacy and Electronic Communications (Amendment) Regulations 2018 (S.I. 2018/1189), regs. 1, 2(4)
Modification of the Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010U.K.
12.—(1) The Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010 are extended for the purposes of these Regulations and have effect subject to the following modifications.
(2) Regulation 1 applies as if in paragraph (2), at the end, there were inserted “as modified by regulation 31(1) of, and Schedule 1 to, the Privacy and Electronic Communications (EC Directive) Regulations 2003”.
(3) Regulation 3 (notices of intent) applies as if—
(a)in paragraph (a) for “data controller” there were substituted “person”;
(b)paragraph (b)(i) were omitted;
(c)for paragraph (b)(ii) there were substituted—
“(ii)the nature of the contravention of the Privacy and Electronic Communications (EC Directive) Regulations 2003,”; and
(d)in a case where paragraph 8AA of Schedule 1 to the Privacy and Electronic Communications (EC Directive) Regulations 2003 applies—
(i)paragraph (b)(iv) were omitted, and
(ii)after paragraph (v) there were inserted—
“(vi)if the notice is served on an officer of a body, the reason the Commissioner considers that the officer has responsibility for the contravention.”.
(4) Regulation 4 (monetary penalty notices) applies as if—
(a)in paragraphs (a), (b) and (g) for “data controller” there were substituted “person”;
(b)paragraph (d)(i) were omitted;
(c)for paragraph (d)(ii) there were substituted—
“(ii)the nature of the contravention of the Privacy and Electronic Communications (EC Directive) Regulations 2003,”; and
(d)in a case where paragraph 8AA of Schedule 1 to the Privacy and Electronic Communications Regulations 2003 applies—
(i)paragraph (d)(iv) were omitted, and
(ii)after paragraph (d)(v) there were inserted—
“(vi)if the notice is served on an officer of a body, the reason the Commissioner considers that the officer has responsibility for the contravention;”.
Modification of the Data Protection (Monetary Penalties) Order 2010U.K.
13.—(1) The Data Protection (Monetary Penalties) Order 2010 is extended and has effect for the purposes of these Regulations subject to the following modifications.
(2) Article 1(2) (interpretation) applies as if at the end there were inserted “as modified by regulation 31(1) of, and Schedule 1 to, the Privacy and Electronic Communications (EC Directive) Regulations 2003”.
(3) Article 5(2) (monetary penalty notices: cancellation) applies as if after “take any further action” there were inserted “against the person on whom that notice was served”.
(4) Article 6(c) (monetary penalty notices: enforcement) applies as if for “data controller” there were substituted “person on whom the notice is served.]
Regulation 36
SCHEDULE 2U.K.Transitional provisions
InterpretationU.K.
1. In this Schedule “the 1999 Regulations” means the Telecommunications (Data Protection and Privacy) Regulations 1999 and “caller” has the same meaning as in regulation 21 of the 1999 Regulations.U.K.
DirectoriesU.K.
2.—(1) Regulation 18 of these Regulations shall not apply in relation to editions of directories first published before 11th December 2003.U.K.
(2) Where the personal data of a subscriber have been included in a directory in accordance with Part IV of the 1999 Regulations, the personal data of that subscriber may remain included in that directory provided that the subscriber—
(a)has been provided with information in accordance with regulation 18 of these Regulations; and
(b)has not requested that his data be withdrawn from that directory.
(3) Where a request has been made under subparagraph (2) for data to be withdrawn from a directory, that request shall be treated as having no application in relation to an edition of a directory that was produced before the producer of the directory received the request.
(4) For the purposes of subparagraph (3), an edition of a directory, which is revised after it was first produced, shall be treated as a new edition.
NotificationsU.K.
3.—(1) A notification of consent given to a caller by a subscriber for the purposes of regulation 22(2) of the 1999 Regulations is to have effect on and after 11th December 2003 as a notification given by that subscriber for the purposes of regulation 19(2) of these Regulations.U.K.
(2) A notification given to a caller by a corporate subscriber for the purposes of regulation 23(2)(a) of the 1999 Regulations is to have effect on and after 11th December 2003 as a notification given by that subscriber for the purposes of regulation 20(1)(b) of these Regulations.
(3) A notification of consent given to a caller by an individual subscriber for the purposes of regulation 24(2) of the 1999 Regulations is to have effect on and after 11th December 2003 as a notification given by that subscriber for the purposes of regulation 20(2) of these Regulations.
(4) A notification given to a caller by an individual subscriber for the purposes of regulation 25(2)(a) of the 1999 Regulations is to have effect on and after the 11th December 2003 as a notification given by that subscriber for the purposes of regulation 21(1) of these Regulations.
Registers kept under regulations 25 and 26U.K.
4.—(1) A notification given by a subscriber pursuant to regulation 23(4)(a) of the 1999 Regulations to the Director General of Telecommunications (or to such other person as is discharging his functions under regulation 23(4) of the 1999 Regulations on his behalf by virtue of an arrangement made under regulation 23(6) of those Regulations) is to have effect on or after 11th December 2003 as a notification given pursuant to regulation 25(1) of these Regulations.U.K.
(2) A notification given by a subscriber who is an individual pursuant to regulation 25(4)(a) of the 1999 Regulations to the Director General of Telecommunications (or to such other person as is discharging his functions under regulation 25(4) of the 1999 Regulations on his behalf by virtue of an arrangement made under regulation 25(6) of those Regulations) is to have effect on or after 11th December 2003 as a notification given pursuant to regulation 26(1) of these Regulations.
References in these Regulations to OFCOMU.K.
5. In relation to times before an order made under section 411 M1 of the Communications Act 2003 brings any of the provisions of Part 2 of Chapter 1 of that Act into force for the purpose of conferring on OFCOM the functions contained in those provisions, references to OFCOM in these Regulations are to be treated as references to the Director General of Telecommunications.U.K.
Marginal Citations
M1For the commencement of section 411, see section 411(2) and (3) of the Communications Act 2003 (c. 21).
Options/Help
Print Options
PrintThe Whole Instrument
PrintThe Schedules only
Legislation is available in different versions:
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As Enacted or Made): The original version of the legislation as it stood when it was enacted or made. No changes have been applied to the text.
See additional information alongside the content
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Opening Options
Different options to open legislation in order to view more content on screen at once
More Resources
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as enacted version that was used for the print copy
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- correction slips
- links to related legislation and further information resources
Timeline of Changes
This timeline shows the different points in time where a change occurred. The dates will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. The first date in the timeline will usually be the earliest date when the provision came into force. In some cases the first date is 01/02/1991 (or for Northern Ireland legislation 01/01/2006). This date is our basedate. No versions before this date are available. For further information see the Editorial Practice Guide and Glossary under Help.
More Resources
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as made version that was used for the print copy
- correction slips
Click 'View More' or select 'More Resources' tab for additional information including:
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- links to related legislation and further information resources
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.