The guidelines encouraged ISP's to:
- -- risks for children such as encountering content that is illegal or may cause them harm (pornography, violence, demeaning or racist expressions) or of being exposed to harmful behaviour from other users (grooming, bullying);
- -- security risks, for data integrity, confidentiality (when making transactions), phishing or network security;
- -- privacy risks such as the collection, recording and processing of data (spyware, profiling).
- ensure that information is available to their customers about filtering software that may block or restrict access to certain content;
- ensure that the use of additional services such as chat, e-mail and blog services is as safe as possible;
- establish appropriate procedures and technologies to protect the privacy of users and the secrecy of content. For example, the interception or monitoring of email should only be undertaken if there is a legal duty to do so, arising for example from a court order, or as necessary in order to protect users from unsolicited e-mail;
- refrain from collecting or storing information about users unless this is necessary for specified and legitimate purposes complying with the law.