1. Home
  2. REGULATIONS
  3. ePrivacy Regulation (EPR)

ePrivacy Regulation (EPR)

ePrivacy Regulation (EPR)

Scope:

Unlike the GDPR, the ePrivacy Regulation does not apply to just personal data. It also affects B2B marketing, for instance.

The final text of the EPR is yet to be agreed, but the Council’s draft recommends that the Regulation applies to:

  • The processing of electronic communications content and metadata carried out in connection with the provision and use of electronic communications services;
  • End users’ terminal equipment information;
  • The offering of a publicly available directory of end users of electronic communications services; and/or
  • The sending of direct marketing communications to end users.

Whatever the Regulation’s final wording, it will have the same territorial scope as the GDPR and apply directly in all EU member states as well as having extraterritorial reach to non-EEA organisations that:

  • Process EU residents’ electronic communications content and/or metadata;
  • Process EU residents’ terminal equipment information;
  • Offer publicly available directories of EU residents; or
  • Send direct marketing communications to EU residents.

Main differences between ePrivacy Directive(EPD) and ePrivacy Regulation (EPR):

  • The ePrivacy Directive was nicknamed "the cookie law". It prompted many organisations to introduce cookie walls and consent mechanisms that prevented end users from accessing websites unless they blindly accepted cookies.
  • The ePrivacy Regulation is meant to eliminate such issues while still giving people online privacy and protecting the confidentiality of their terminal equipment.

The Commission’s proposal states that cookies used only to process information anonymously should no longer require end-user consent. This should mean fewer cookie walls and banners for end users.Many other exemptions from consent are retained in the proposal, including cookies necessary for:

  • Transmitting a communication.
  • Security.
  • Billing or collecting payments; or
  • Detecting or stopping fraud.

Even though there are fewer restrictions about collecting electronic communications data, the ePrivacy Regulation sets out rules about how that data must be stored, protected and erased.

However, the final text is still to be agreed, with the Council of the European Union and the European Parliament disagreeing about a number of issues. You can follow the ePrivacy Regulation’s progress and read all drafts on the EU’s EUR-Lex website


ePrivacy Directive ("EU cookie law”)
EU’s General Data Protection Regulation(GDPR)
UK's Privacy and Electronic Communications Regulations(PECR)
I BUILT MY SITE FOR FREE USING