What is the EU ePrivacy Regulation?
Do you know what the ePrivacy Regulation is and who it applies to? Read all about what you need to know about the ePrivacy Regulation right here.
The European Commission issued a proposal for a new ePrivacy law on January 10, 2017, that sought to replace the existing ePrivacy and Electronic Communications Directive, which was enacted in 2002 to oversee privacy regulations across the EU.
However, due to intense lobbying and stakeholder discussions, 14 draft proposals have since been tabled under different EU Council Presidencies without success.
What Does The ePrivacy Regulation Apply To?
The planned ePrivacy Regulation is intended to protect the privacy of electronic communications involving residents of EU member states. Put simply, it is about who can track the digital traces of users in e-communications, whether they are chatting via text message, on the phone, shopping or engaging in other activities online.
It is expected that the ePrivacy Regulation will focus on the protection of privacy for data being communicated electronically, in contrast to GDPR, which applies to wider protection areas by ensuring a smooth flow of data between member states. Therefore, the ePrivacy Regulation will impact all those who operate telecommunication services or use commercial media services, tracking cookies and customized advertising. Examples of companies likely to be affected include:
- Messaging service providers such as WhatsApp, Facebook, and Skype
- Natural or legal persons conveying direct marketing communications
- Website owners
- Proprietors of apps that incorporate electronic communication
- Internet access providers
- Telecommunication firms
What Are The Penalties?
The ePrivacy Regulation applies the same fine as the GDPR. Anyone found to violate its requirements will be fined 20 million Euros or 4% of annual global revenue.
What Is The Scope Of The ePrivacy Regulation?
Compared to the pre-existing ePrivacy Directive, which was commonly described as the ‘Cookie Law’, the ePrivacy Regulation has a wider scope. The ePrivacy Regulation will apply not only to traditional electronic communication service providers, such as mobile and landline telephone operators, but also to Internet instant messaging and VoIP apps (email, apps, etc.), as well as machine-to-machine communications such as the IoT (Internet of Things).
Additionally, the latest draft of the ePrivacy Regulation sets out a much higher threshold for obtaining consent than under the current ePrivacy Directive. The crucial areas covered include:
The scope of the current Directive is limited to conventional forms of communication like e-mails and Short Messaging Services. The ePrivacy Regulation seeks to incorporate modern forms of communication, such as messaging services on social media platforms like WhatsApp and Facebook Messenger, as well as VoIP providers.
While the ePrivacy Directive obliges the user to provide cookie consent on every website they access, the ePrivacy Regulation proposes that users offer approval through browser settings. The objective of this proposal is to make it easier for browser settings to allow blanket acceptance or refusal of tracking cookies and identifiers.
The ePrivacy Regulation incorporates comprehensive protections against spam, including text messages, unsolicited e-mails, and automated calling systems. Promotional callers must also reveal their contact number or alternative distinguishing codes to specify when it is a marketing call.
Under this proposed regulation, consumers will be expected to provide explicit consent to get any marketing material from a business, in addition to being accorded the option to opt out through unsubscribe messages.
The ePrivacy Regulation targets metadata, which describes information such as:
- The number of times a day a device is connecting and transmitting data
- The magnitude of downloadable files
- Time, date, and location of data transfers
What Does The ePrivacy Regulation Prohibit?
This law states that any seizure or usage of electronic communications content by anyone apart from the end-user can only be done in accordance with its provisions. Keeping, tracking, listening, or scanning electronic communications will only be deemed legal if they are done in compliance with the ePrivacy Regulation.
When Will The ePrivacy Regulation Be Implemented?
Initially, this law was expected to come into effect on May 25, 2018, alongside the GDPR. Nonetheless, delays experienced during the approval phase resulted in its implementation being pushed back. Although no one knows the exact date, it is expected to be approved in 2021, followed by a transition period of 12-24 months, if the current draft by the Portuguese Presidency is approved by the EU Parliament.
How Does The ePrivacy Regulation Compare With GDPR?
Both the GDPR and the ePrivacy Regulation are concerned with data protection practices throughout the European Union. Nonetheless, while GDPR is solely focused on personal information, the ePrivacy Regulation deals specifically with the privacy of data involved in electronic communications. Read more about the key differences between ePrivacy Regulation and GDPR.
Who Will Not Be Affected By The ePrivacy Regulation?
This law will not cover:
- Any activities that are not subject to EU law
- Private electronic communications
- EU member state activities connected to immigration and border checks
- Radio gear that is compliant with Directive 2014/53/EU
- Actions linked to the deterrence, investigation, or prosecution of criminal offenses