What is the EU ePrivacy Regulation?
Do you know what the ePrivacy Regulation is and who it applies to? Read all about what you need to know about the ePrivacy Regulation right here.
The European Commission issued a proposal for a new ePrivacy law on January 10, 2017, that sought to replace the existing ePrivacy and Electronic Communications Directive, which was enacted in 2002 to oversee privacy regulations across the EU.
However, due to intense lobbying and stakeholder discussions, 14 draft proposals under different EU Council Presidency's have been tabled without success since.
What Does The EPrivacy Regulation Apply To?
The planned ePrivacy Regulation is intended to protect the privacy of electronic communications involving residents of EU member states. Put simply, it is about who can track the digital traces of users in e-communications, whether they are chatting via text message, on the phone, shopping or engaging in other activities online.
It is expected that ePrivacy Regulation will focus on the protection of privacy for data being communicated electronically, in contrast to GDPR, which applies to wider protection areas by ensuring a smooth flow of data between member states. Therefore, ePrivacy Regulation will impact all those who operate telecommunication services or use commercial media services, tracking cookies and customized advertising. Examples of companies likely to be affected include;
- Messaging service providers such as Whatsapp, Facebook, and Skype
- Natural or legal individuals conveying direct marketing communications
- Website owners
- Proprietors of apps that incorporate electronic communication
- Internet access providers
- Telecommunication firms
What Are The Penalties?
The ePrivacy Regulation applies the same fine as the GDPR. Anyone found to violate its requirements will be fined 20 million Euros or 4% of annual global revenue.
What Is The Scope Of The EPrivacy Regulation?
Compared to the pre-existing ePrivacy Directive, which was commonly described as the ‘Cookie Law,' the ePrivacy Regulation has a wider scope. The ePrivacy Regulation will be applicable not only towards the traditional electronic communication service providers, such as mobile and landline telephone operators, but will also cover the Internet instant messaging and VOIP apps (email, apps, etc.), as well as machine-to-machine communications such as the IoT (Internet of Things).
Additionally, the latest draft of the ePrivacy Regulation sets out a much higher threshold for obtaining consent than under the current ePrivacy Directive. The crucial areas covered include;
The scope of the current Directive is limited to conventional forms of communication like e-mails and Short Messaging Services. The ePrivacy Regulation seeks to incorporate modern forms of communication, such as messaging services on social media platforms like Whatsapp and Facebook Messenger, as well as VoIP providers.
While the ePrivacy Directive obliges the user to provide cookie consent on every website they access, the ePrivacy Regulation proposes that users offer approval through browser settings. The objective of this proposal is to make it easier for browser settings to allow blanket acceptance or refusal of tracking cookies and identifiers.
The ePrivacy Regulation incorporates comprehensive protections against spam that includes text messages, unsolicited e-mails, and automated calling systems. Promotional callers must also reveal their contact number or alternative distinguishing codes to specify when it is a marketing call.
Under this proposed regulation, consumers will be expected to provide explicit consent to get any marketing material from a business, in addition to being accorded the option to opt-out through unsubscribe messages
The ePrivacy Regulation targets metadata, which describes information such as;
- The number of times a day a device is connecting and transmitting data
- The magnitude of downloadable files
- Time, date, and location of data transfers
What Does The EPrivacy Regulation Prohibit?
This law states that any seizure or usage of electronic communications content by anyone apart from the end-user can only be done in accordance with its provisions. Keeping, tracking, listening, or scanning electronic communications will only be deemed legal if they are done in compliance with the ePrivacy Regulation.
When Will The EPrivacy Regulation Be Implemented?
Initially, this law was expected to come into effect on May 25, 2018, alongside the GDPR. Nonetheless, delays experienced during the approval phase resulted in its implementation being pushed back. Although no one knows the exact date, it is expected to be approved in 2021 followed by a transition period of 12-24 months if the current draft by the Portuguese Presidency is approved by the EU Parliament.
Read the latest ePrivacy Regulation update if you are interested in 12 key takeaways for your business.
ePrivacy Regulation Status: Learn what the recent delays mean for Businesses.
How Does The EPrivacy Regulation Compare With GDPR?
Both the GDPR and ePrivacy Regulation are concerned with data protection practices throughout the European Union. Nonetheless, while GDPR is solely focused on personal information, the ePrivacy Regulation deals with the privacy of data involved in electronic communications explicitly. Read more about the key differences between ePrivacy Regulation and GDPR.
Who Will Not Be Affected By The EPrivacy Regulation?
This law will not cover;
- Any activities that are not subject to EU law
- Private electronic communications
- EU member state activities connected to immigration and border checks
- Radio gear that is compliant with Directive 2014.53/EU
- Actions linked to the deterrence, investigation, or prosecution of criminal offenses
EU Digital Markets Act (DMA): What Businesses Must Know
Explore the European Union's Digital Markets Act (DMA) and its impact on tech giants, gatekeepers, and SMEs. Uncover key provisions, designated companies, and the relevance of compliance for small to medium-sized enterprises.
- Europe GDPR
- Data Protection
The Complete Guide to WordPress GDPR Compliance: Make Your Wordpress Site is Compliant
Learn about the General Data Protection Regulation (GDPR) and its significance for WordPress websites. Discover essential steps, potential consequences of non-compliance, and effective cookie management strategies to ensure GDPR compliance.
- Europe GDPR
Understanding the Utah Consumer Privacy Act (UCPA): A Comprehensive Overview of the New Consumer Privacy Law
Learn about the Utah Consumer Privacy Act (UCPA), its impact on businesses operating in Utah or targeting Utah customers, compliance requirements, consumer rights, data security measures, and penalties for non-compliance.