New e-Privacy Directive Expected to Take Effect Concurrent with GDPR in May 2018

    Mar 07, 2017 recently summarized the European Commission’s (EC) new e-Privacy Regulation, which is expected to replace the current directive from 2002 and be applied throughout the European Union.

    The EC expects the regulation will be effective concurrent with the launch of the GDPR, in May 2018. The draft of the new regulation is narrower in scope than the GDPR and should not take as long to finalize, according to

    The article summarized the key features of the draft regulation:

    • Scope. The regulation applies to all e-communications service providers, whereas the current law applies only to traditional telecom service providers.
    • Confidentiality. All e-communications must be kept confidential. Any listening, tapping, intercepting, scanning, or storing of e-communications with the user’s consent is not permitted.
    • Communications content and metadata. Metadata and browsing histories must be anonymized or deleted unless consent to retain it has been given by the user. Companies will have the opportunity to utilize the data for business purposes when the users consent.
    • Devices. Data stored in end-user devices, like laptops and tablets, cannot be accessed unless consent has been given or where it is necessary to facilitate technical provisioning of services to that user.
    • Spam. Consent must be given before any unsolicited commercial communications can be transmitted. Member states can also make rules that allow individuals the right to object to marketing calls.
    • Cookies. The consent process for Internet users will be simpler with the introduction of levels of privacy through the users’ browser settings. The need for banner-type cookie consent is being removed. Cookies that are not intrusive will not require consent.
    • Enforcement. National data protection authorities will enforce the new regulations. Fines could reach €10 million or 2% of worldwide annual turnover of an undertaking, whichever is higher. Fines of up to €20 million or 4% of worldwide annual turnover could be enforced for breaches of the provisions on confidentiality, processing of e-data, and limits on data erasure periods.


    The online Global Policy Brief is intended to help you stay current on international news and events. Further information about the issue is accessed by clicking on the link provided at the end of each summary.

    Want to sign up to receive an email version of the Global Policy Brief? It's free! Just tell us a little about yourself and you'll receive a monthly dose of the latest in legislation, regulation, and more.

    © 2017, ARMA International