The ePrivacy Directive is a longstanding EU cybersecurity regulation, originally brought into force in 2002 and modified in 2009. Created to protect sensitive data and privacy in the digital age, the directive compelled telecommunications and other organisations to anonymise traffic data after its required use and utilise opt-ins for marketing emails and intrusive cookies.
EU Directives are flexible – while they oblige member states to implement the substance of the directive, it is up to the states themselves how they realise it. In contrast, EU Regulations are immediately imposed on all member states when they come into effect, without change to any national laws.
There has been a new ePrivacy Regulation in the works for some time now, intended to repeal and replace the ePrivacy Directive, providing a stronger basis for the protection of privacy rights and enforcement. However, despite the EU’s objective to implement the ePrivacy Regulation with GDPR in May 2018, it is still subject to negotiations by the member states and has not been completed.
ePrivacy is meant to be complementary to the GDPR. Where GDPR focuses specifically on personal data and how it is stored or used by a company, ePrivacy is focused more broadly on the confidentiality of electronic communications.
The ePrivacy Regulation, in its current form, has several significant differences from the ePrivacy Directive. Cookies, for example, could be automatically accepted through browser settings, and organisations would have to give equivalent service if a user does not accept their cookies.
The larger shift lies in who the Regulation applies to – in the past, the ePrivacy Directive was aimed toward telecommunications companies. Now, the Regulation will also apply to companies that use telecommunications (such as the Internet or cellular network) for their enterprise, such as Facebook, Google and Skype, as well as other tech firms.
The ePrivacy Directive has given the EU a basic framework of privacy protection standards for the Internet age. Now, with the development of social networking, Internet of Things technologies and the rise of data as a commodity, the ePrivacy Regulation is looking to protect EU citizens’ privacy rights as innovations continue to develop.
The new regulation aside, it is still imperative to maintain compliance with the ePrivacy Directive. Need help keeping pace with changing regulations? Integrated risk management solution CyDesk enables a proactive approach to cyber security and compliance. It automates the processes of compliance tracking, giving an overview of the overall cybersecurity posture of your organisation and third-party ecosystem.