Home

eprivacy

ePrivacy refers to a set of EU rules designed to protect privacy and the confidentiality of electronic communications. It addresses how communications data, including metadata and the use of tracking technologies, are collected, stored, and processed. The ePrivacy framework is intended to complement the General Data Protection Regulation (GDPR) by covering sector-specific aspects of electronic communications and the use of information in digital services.

The main instrument currently in force is the ePrivacy Directive (Directive 2002/58/EC), as amended by Directive

A proposed ePrivacy Regulation is intended to replace the directive with a harmonized, EU-wide framework. If

Status and impact vary by time, but as of the latest developments, the ePrivacy project remains subject

2009/136/EC
and
related
updates.
It
governs
confidentiality
of
communications,
the
processing
of
communications
data,
and
direct
marketing
by
electronic
means.
A
central
feature
is
the
rules
on
consent
for
storing
or
accessing
information
on
users’
devices,
such
as
cookies
and
similar
tracking
technologies,
with
exemptions
for
strictly
necessary
technologies
and
certain
security-related
uses.
The
directive
also
addresses
unsolicited
communications
and
the
handling
of
metadata
and
location
data
in
certain
contexts.
adopted,
the
regulation
would
tighten
and
standardize
rules
across
member
states,
strengthening
consent
requirements
for
cookies
and
other
tracking
technologies,
clarifying
the
protection
of
communications
content
and
metadata,
and
expanding
the
scope
to
newer
communication
channels
and
processing
activities
by
providers
of
electronic
communications
services
and
related
processors.
The
regulation
would
be
directly
applicable
in
all
member
states,
reducing
national
divergences.
to
negotiations
between
EU
institutions.
Adoption
would
affect
how
websites,
apps,
advertising
platforms,
and
telecoms
providers
obtain
consent,
design
consent
management
tools,
and
handle
data
in
electronic
communications,
with
enforcement
by
national
data
protection
authorities.