Ch 16.2 - ePrivacy Regulation
The ePrivacy Regulation (proposal)
A proposed ePrivacy Regulation would repeal and replace the ePrivacy Directive and the national laws implementing it, applying uniformly across member states. As a Regulation it would have direct effect. The Feb 2022 Council position proposed: territorial scope based on users located in the EU (covering even non-personal data), consent aligned to the GDPR (and extended to legal persons), and a statutory soft opt-in for marketing tied to a purchase.
| Area | Proposed change |
|---|---|
| Territorial scope | Tied to processing data of users located in the EU (not the sender/collector); 'processing' includes non-personal data |
| Consent | Aligned with the GDPR and extended to legal persons; may be expressed via software technical settings (Art 4(2)) |
| Marketing | Default explicit consent, with a soft opt-in for messages tied to a purchase of the sender's own similar products/services + free, easy chance to object |
| Cookies/tracking | Content and metadata both in scope; use only on consent or in defined cases (e.g. billing, fraud prevention); door open to pseudonymised statistical data |
| Further use | Permits further compatible use subject to a positive compatibility assessment |
Key terms - quick answers
What is “ePrivacy Regulation”?
Proposed Regulation to replace the ePrivacy Directive with uniform, directly-effective EU rules on unsolicited communications, cookies and analytics. Still being negotiated.
What is “Trilogue”?
Negotiation between the EU Council, Parliament and Commission - the procedure also used to enact the GDPR.