More changes are coming to EU privacy laws – how is your organisation going to prepare?
What is the ePrivacy Regulation?
The ePrivacy Regulation governs the use of electronic communications within the EU. It will ultimately replace The Privacy and Electronic Communications (EC Directive) Regulations 2003 in the UK, and extends the DPEC (Directive of Privacy and Electronic Communications) in Europe. As with GDPR, businesses will face heavy fines for non-compliance.
How does the ePrivacy Regulation differ from GDPR?
The ePrivacy Regulation acts almost as a clarification and enhancement of areas within the General Data Protection Regulation (Data Protection Act 2018), which include rules regarding unsolicited marketing, cookie tracking, and confidentiality.
Any type of unsolicited electronic communication, whether text or email, will require express permission from the email/account holder.
‘Cookie fatigue’ is a widespread problem brought about by the previous ePrivacy Directive – many websites implemented GDPR consent banners which the user needs to click again and again on all kinds of sites. The ePrivacy Regulation aims to address this. It’s possible cookie consent will be tracked within a user’s browser, thereby deprecating the existing GDPR consent banners that have appeared on many sites.
Online communications providers such as Google, Facebook, and WhatsApp are to be treated in the same light as telecoms providers, necessitating the latest technology to keep customer data secure.
When will it come into effect?
The ePrivacy Regulation was meant to come into effect in early 2019, but it was delayed. It is now expected to come into effect in 2020/2021, depending on many factors, such as whether there is a 12- or 24-month transition period and how the UK aligns with the EU on data protection after Brexit.
Regardless – businesses should be given ample time to prepare for this – and should ensure their existing infrastructure can adapt to facilitate this new legislation.
What other factors are important to consider?
If a withdrawal agreement is struck with the EU it will likely close alignment to the ePrivacy Regulations – making transference of data from the UK to the EU more difficult.
What Can I Do to Prepare?
- Perform a cookie audit of your site.
- Limit the amount of personal data you collect.
- Test your website against web browsers’ cookie controls.
- Determine which communication services exist in your business.
- Secure your business’s internal and external infrastructure.
- Take all measures to protect customer data – including phishing courses and vulnerability scanning.
In summary – the ePrivacy regulation has a more expansive scope than the GDPR, and acts to supplement it as part of the ePrivacy directive.