EU ePrivacy Regulation

Image

EU ePrivacy Regulation Topic Page

On this topic page, you can find the latest developments in the creation of the ePrivacy Regulation.

Featured Resources

CHART

UK DPDI Bill: Comparative analysis with the EU GDPR and ePrivacy framework

In July 2022, the U.K. government introduced the Data Protection and Digital Information Bill. This comparative analysis considers the changes proposed by the DPDI Bill by reference to the relevant EU law provisions.
Read More

ARTICLE

ePrivacy Regulation — Q&A on select topics

IAPP Senior Westin Research Fellows Jetty Tielemans and Müge Fazlioglu, CIPP/E, CIPP/US, offer an overview of key provisions of the text approved by the Council of Ministers earlier this year.
Read More

ARTICLE

Next-gen privacy: Examining the EU’s ePrivacy Regulation

IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, takes a deep dive into the ePrivacy Regulation, including its evolution, scope and how it handles consent and cookies.
Read More


Europe Data Protection Digest newsletter

Be in-the-know on EU privacy news by subscribing to the IAPP Europe Data Protection Digest newsletter.

Additional News and Resources

CIPL releases recommendations on e-Privacy Regulation

The Centre for Information Policy Leadership released recommendations on the draft e-Privacy Regulation as part of trilogue discussions. Among its comments, CIPL said the regulation should be consistent with the EU General Data Protection Regulation, fill in gaps of the GDPR related to electronic communication data and designate data protection authorities as sole regulators. It also notes a ban on cookie walls and consent for cookies at the browser level should be removed. CIPL also published a... Read More

CNIL's ePrivacy fines reveal potential enforcement trend

The new year for EU data protection enforcement has rung in with an early bang courtesy of the France's data protection authority, the Commission nationale de l'informatique et des libertés. The CNIL fined Google and Facebook up to a combined 210 million euros for alleged cookie violations under the ePrivacy Directive. Allegations against the companies focus on French users' inability to easily decline tracking via cookies. Google's U.S. and Irish operations received penalties of up to 90 and 6... Read More

Google supports temporary ePrivacy derogation to fight child exploitation online

In documents submitted to the European Commission, Google said it supports a temporary derogation from the ePrivacy Directive to combat the "sexual exploitation of children online," Euractiv reports. In its comments on the commission's consultation on the topic, Google also supports the creation of a center to help with law enforcement and prevention on an EU level. ZDNet reports Google voiced its support for a new security standard for smartphone virtual private network applications.Full Story... Read More

EU Council ambassadors agree to negotiating position on ePrivacy Regulation

After years of legislative limbo, the draft ePrivacy Regulation is alive and kicking after ambassadors from the Council of the European Union agreed on a negotiating mandate. The move, led by the Portuguese Presidency in the Council, allows negotiations with the European Parliament to move forward, as part of the "trilogue" process.  "The path to the Council position has not been easy," Portuguese Minister for Infrastructure and Housing and President of the Council Pedro Nuno Santos said, "but ... Read More

Critics on Croatia's ePrivacy proposal: Legitimate interest provisions not legitimate

On Feb. 21, the Croatian presidency published its proposals to break the ePrivacy Regulation deadlock. Seven previous EU presidencies (the holder rotates every six months) have tried and failed to find a compromise between member states. In a radical departure from previous drafts, the presidency has suggested changes to Articles 6 and 8 that would see “legitimate interest” as a legal basis to process metadata and collect information from the terminal equipment — potentially replacing user con... Read More

Croatian Presidency tempers expectations on ePrivacy progress

The Croatian Presidency of the Council of the European Union is just the latest EU presidency to try to tackle the ePrivacy Regulation. Finland, Romania, Austria and Bulgaria were among the countries that could not figure out ePrivacy during their presidencies, and now it's Croatia's turn at the plate. While the Committee on Civil Liberties, Justice and Home Affairs pushed forward a version of ePrivacy back in October 2017, however, progress since that vote has essentially been nonexistent. Cro... Read More

How the ePrivacy Regulation talks failed ... again

This week, the Permanent Representatives Committee of the Council of the European Union once again rejected the latest draft of the ePrivacy Regulation.   The Nov. 22 vote means that the member states still cannot agree on a common position. Despite the best efforts of the current Finnish Presidency, it's back to the drawing board again in the new year under the Croatian Presidency as the window of opportunity for agreeing on a general approach at the Transport, Telecommunications and Energy Co... Read More

Podcast: Debrief on ePrivacy Regulation's status, Schrems II case

Remember when the GDPR was about to be signed into law and there was all sorts of chatter that the ePrivacy Regulation would soon be passed as well? That was years ago now. So what's happening within the EU government that we still don't have one? In this episode of The Privacy Advisor Podcast, Gabriela Zanfir-Fortuna, senior privacy counsel at the Future of Privacy Forum, takes us through the latest. She also discusses what went down in the Court of Justice of the European Union earlier this mo... Read More

What happens to ePrivacy under the Romanian presidency?

What chance does the ePrivacy Regulation have of getting anywhere during the first half of this year? As the first month of the Romanian presidency of the Council draws to a close and as elections for the next European Parliament loom, the outlook is not good. When the Austrian presidency warned in July that it was "not sure if a common position in this topic is reachable" during its six-month term, it wasn't kidding. As it foresaw, the changes proposed during that period did not leave major pl... Read More

Inside the ePrivacy Regulation's furious lobbying war

When the European Parliament voted Thursday to move forward with negotiations around the ePrivacy Regulation, it dealt a bitter defeat to industry lobbyists who have been accused of running a "populist" campaign against the law. According to the pleas of some lobbyists, the regulation holds Europeans hostage and will put Europe on a par with Zimbabwe in the free-media stakes. It will turn web browsers into "private gatekeepers" and hinder Europe's ability to move to 5G mobile connectivity. "... Read More

LIBE votes to push Lauristin's ePrivacy Regulation forward

Members of the European Parliament’s civil liberties committee handed privacy and data protection advocates a big win Thursday when they put Rapporteur Marju Lauristin's proposals on the ePrivacy Regulation to the vote. The MEPs approved Lauristin's report 31 to 25 and granted a mandate for further negotiations. It’s a hugely significant piece of legislation that will impact data protection landscape for decades to come. Most privacy advocates were thrilled: End-to-end encryption got the thumbs... Read More

MEPs debate ePrivacy Regulation's merits ahead of July 10 deadline

On June 21, MEP Marju Lauristin, rapporteur of the new European ePrivacy Regulation, presented her draft report and sought feedback from fellow MEPs on how to update communications rules for 500 million Europeans. The current laws date back to 2002, predating most of the messaging tools now commonly used, so a revamp is long overdue.  During the debate, major sticking points seemed to be the draft's provisions on consent, allowances for security exemptions and whether the draft aligns with the ... Read More

Introducing: The ePrivacy Regulation's key player

Marju Lauristin has spent most of her life as a teacher, though that's the most modest way to describe her. Specifically, she's a professor emeritus of more than 40 years. She has been at University of Tartu since 1995, and her academic career has focused on social sciences and media studies.  But now she's playing head of the class on the global privacy stage as rapporteur for the ePrivacy Regulation. Lauristin isn't new to politics; she has been in the game for 30 years or so. In fact, she w... Read More

Will the ePrivacy Reg overshadow the GDPR in the age of IoT?

The ePrivacy draft regulation, published by the European Commission on Jan. 10, updates and upgrades Directive 2002/58/EC (the “ePrivacy directive”), the source of the infamous “cookies banner.” Under its official name – Proposal for a Regulation Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications, the draft ePrivacy regulation reorganizes and even re-conceptualizes the system of protecting the privacy of electronic communications. Armed with... Read More

The ePrivacy Regulation: It’s not just about cookies anymore

The European Commission's draft ePrivacy Regulation, published earlier this month as the EU works to replace the ePrivacy Directive (aka "the cookie law"), is a game changer for online privacy. It is a big push for a structured framework on technology enablers for companies doing business within Europe. The regulation makes a minimal effort to address the actual use of "cookies," and getting user consent through cookie banners has been left in the dust. Instead, the regulation goes into great le... Read More

European Commission proposes formal ePrivacy Regulation

The battle lines for Europe’s new ePrivacy Regulation have been drawn, as the European Commission presented its formal proposals on Tuesday. Alongside other communications on the data economy, data protection rules for the EU institutions, and a consultation (expect more on this in this week’s IAPP Europe Data Protection Digest), Commission Vice President Andrus Ansip and Commissioner Věra Jourová unveiled their plans for data protection in the realm of electronic communications. A leak of an ... Read More