ePrivacy Regulation (ePR)
In January 2017, the European Commission released its proposal for a new Regulation on Privacy and Electronic Communications. It aims to replace the current ePrivacy Directive (the ‘cookies law’) with a uniform set of directly-applicable EU-wide rules that reflect the modern age. It intends to improve the security and confidentiality of communication, give clearer guidelines on tracking technologies, and harmonize rules across member states. Just like the GDPR, the (proposed) penalties for non-compliance are up to €20 million or, in the case of an undertaking, up to 4% of the total worldwide annual turnover, whichever is higher.
1Implementation / enforcement 05/2015 - 01/2017
2Discussion / consultation 01/2017 - 05/2019
As the negotiations on the ePR are ongoing, the impact on businesses is uncertain. The ePR is said to be a lex specialis to the GDPR, which means it describes a different (often stricter) set of rules for specific uses of personal data that are currently under the scope of the GDPR. For example, it intends to set specific rules for the use of Over-the-Top (OTT) communications services, and direct marketing through emergent channels like a.o. MMS and social media.