EU ePrivacy Regulation

EU ePrivacy Regulation

On this topic page, IAPP members will find the latest developments in the creation of the ePrivacy Regulation.

Subscribe to the IAPP Europe Data Protection Digest
Be in-the-know on EU privacy news (think the GDPR, Privacy Shield, and the PNR Directive, to name a few) by subscribing to the IAPP Europe Data Protection Digest.

Featured Resources

A deeper look at CNIL’s cookies enforcement

France’s data protection authority, the CNIL, has made regulating user tracking via cookies a clear priority in recent years. This article breaks down the new CNIL fines and prior work on cookies while exploring whether a fragmented privacy enforcement dilemma is brewing.
Read More

ePrivacy Regulation — Q&A on
select topics

IAPP Senior Westin Research Fellows Jetty Tielemans and Müge Fazlioglu, CIPP/E, CIPP/US, offer an overview of key provisions of the text approved by the Council of Ministers earlier this year.
Read More

Next-gen privacy: Examining the EU’s ePrivacy Regulation

IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, takes a deep dive into the ePrivacy Regulation, including its evolution, scope and how it handles consent and cookies.
Read More


Latest News and Resources

CIPL releases recommendations on e-Privacy Regulation

The Centre for Information Policy Leadership released recommendations on the draft e-Privacy Regulation as part of trilogue discussions. Among its comments, CIPL said the regulation should be consistent with the EU General Data Protection Regulation, fill in gaps of the GDPR related to electronic communication data and designate data protection authorities as sole regulators. It also notes a ban on cookie walls and consent for cookies at the browser level should be removed. CIPL also published a... Read More

Google supports temporary ePrivacy derogation to fight child exploitation online

In documents submitted to the European Commission, Google said it supports a temporary derogation from the ePrivacy Directive to combat the "sexual exploitation of children online," Euractiv reports. In its comments on the commission's consultation on the topic, Google also supports the creation of a center to help with law enforcement and prevention on an EU level. ZDNet reports Google voiced its support for a new security standard for smartphone virtual private network applications.Full Story... Read More

EU Council ambassadors agree to negotiating position on ePrivacy Regulation

After years of legislative limbo, the draft ePrivacy Regulation is alive and kicking after ambassadors from the Council of the European Union agreed on a negotiating mandate. The move, led by the Portuguese Presidency in the Council, allows negotiations with the European Parliament to move forward, as part of the "trilogue" process.  "The path to the Council position has not been easy," Portuguese Minister for Infrastructure and Housing and President of the Council Pedro Nuno Santos said, "but ... Read More

Drafts and official guidance

Directive on Privacy and Electronic Communications Act 2002/58EC

A continuation of policy directives for the European Union Member States as set forth in the Data Protection Directive. It has been amended by the Cookie Directive 2009/136EC, which added a requirement that all websites using tracking cookies obtain user consent unless the cookie is “strictly necessary for the delivery of a service requested by the use.” This policy recognizes the importance of cookies for the functioning of modern websites while still making users aware of any tracking the user... Read More

Cookie Directive

The so-called "Cookie Directive" is an amendment made to the European Union's Directive 2002/58, also known as the ePrivacy Directive, that requires organizations to get consent before placing cookies (see Cookies) and other tracking technologies on digital devices. With the passage of the General Data Protection Regulation, this definition of consent has changed and opt-out consent is no longer viable in this area. Associated term(s): Directive 2009/136/EC, ePrivacy Directive... Read More

New ePrivacy draft covers metadata processing, removes legitimate interest provision

The German Presidency of the Council of the European Union created a new draft of the proposed ePrivacy Regulation, Euractiv reports. The latest draft would allow for the processing of online communications metadata during "natural or man-made disasters" and for "monitoring epidemics." The legitimate interest provision for processing general metadata that had been seen in previous drafts was not included in this iteration. The Working Party on Telecommunications and Information Society will disc... Read More