ePrivacy Regulation (ePR)

In January 2017, the European Commission released its proposal for a new Regulation on Privacy and Electronic Communications. It aims to replace the current ePrivacy Directive (the ‘cookies law’) with a uniform set of directly-applicable EU-wide rules that reflect the modern age. It intends to improve the security and confidentiality of communication, give clearer guidelines on tracking technologies, and harmonize rules across member states. Just like the GDPR, the (proposed) penalties for non-compliance are up to €20 million or, in the case of an undertaking, up to 4% of the total worldwide annual turnover, whichever is higher.

2019
2020
2021
2022
2023
2024
2
1
Implementation / enforcement 05/2015 - 01/2017
2
Discussion / consultation 01/2017 - 05/2019

STATUS
Before a finalized text can be passed by the European Parliament, trilogue negotiations with the European Council and the European Commission will take place. It is assumed the negotiations will not continue before the next elections to the European Parliament, expected to be held in 23–26 May 2019. Therefore, it might take to 2020 before this law will enter into force.

As the negotiations on the ePR are ongoing, the impact on businesses is uncertain. The ePR is said to be a lex specialis to the GDPR, which means it describes a different (often stricter) set of rules for specific uses of personal data that are currently under the scope of the GDPR. For example, it intends to set specific rules for the use of Over-the-Top (OTT) communications services, and direct marketing through emergent channels like a.o. MMS and social media.

author
Chantal Rademaker de Ridder Partner
Categories: Privacy & Security