EU E-Privacy Directive Compliance Excellence

Elevate your digital operations to compliance excellence with our EU E-Privacy Directive Consultancy services.

What is the e-Privacy Directive?

The e-Privacy Directive is a set of legislation in the European Union (EU) fordata protection and privacy. It is officially known as the “Privacy and Electronic Communications Directive 2002/58/EC.” It governs cookie usage, email marketing, data minimization, and other data privacy issues.

It is not a binding legislation in and of itself, like other EU directives, but rather an exhortation to EU member states to adopt their own laws that accord with the directive.
The e-Privacy Directive was adopted in 2002 and revised in 2009. It will be replaced in the near future by the e-Privacy Regulation.

Does the GDPR override
the e-Privacy Directive?

The General Data Protection Regulation (GDPR) is a comprehensive data privacy law that applies to the personal information of EU residents. Itbecomes effective in 2018. The GDPR supplements and extends on the e-Privacy Directive’s rules, although the directive remains in effect. The e-Privacy Directive, for example, requires agreement before using cookies; the GDPR adds that cookie IDs might be deemed personal data.

Does the e-Privacy Directive apply to my company?

The e-Privacy Directive (ePD) applies to the European Economic Area (EEA), which includes the EU member states as well as Iceland, Liechtenstein and Norway. It does not apply in the United Kingdom. The entities that this“cookie law” applies to include:

  • Internet Service Providers (ISPs)
  • Voice over Internet Protocol (VoIP) providers
  • Messenger apps and similar service providers
  • Phone service providers
  • Internet of Things (IoT) providers
  • Public directory providers, e.g. email or telephone

If your business does any of the following for people in the EU, you need to comply with the e-Privacy Directive. This will become even more important when the e-Privacy Regulation, the law based on the ePD, comes into force.

What are the penalties for not complying with the e-Privacy Directive?

The e-Privacy Directive is not a law, so authorities cannot levy penalties under it. However, under the draft ePrivacy Regulation that will replace it, the fines are in line with those set for GDPR violations:

up to 2% of annual worldwide turnover or up to €10 million, whichever is greater, for less serious violations.

up to 4% of annual worldwide turnover, or up to €20 million, whichever is greater, for more serious violations.

The country-based Data Protection Authorities (DPAs) in EU member countries will impose these fines. There will also be non-financial penalties possible, which can include actions like limiting or stopping data collection.

How DPOsphere can help you comply?

DPOsphere helps you achieve absolute compliance with e-Privacy Directive thanks to deep experience.

Our experts at DPOsphere continue to closely monitor the development process in connection to the e-Privacy Directive to help you prepare for compliance.