top of page

Update of e-Privacy Regulation Concerns Digital Companies


The e-Privacy Regulation (EU) 2016/679, created to repeal the Directive 2002/58/EC as proposed by the European Commission, is increasingly raising concerns for digital companies as it is predicted by some sources to have a financial impact of over € 500 billion on the industry. Previously, the e-Privacy directive required national implementation, consequently resulting in inconsistent enforcement through the European Union (EU). It had come as a complement to the EU’s Data Protection Directive, the exact directive that has recently been replaced by the General Data Protection Regulation (GDPR). The new e-Privacy Regulation, however, will create requirements that will become legally binding across the EU to complement the GDPR. The draft regulation is currently undergoing various revisions, specifically in the areas involving the protection of privacy and confidentiality of an individual’s communications. There is no set date for publication of the regulation as of now, but according to the planning of the current presidency, it is not expected to happen before 2019.

The “Cookie Law”

The new e-Privacy regulation has become known to many as the “cookie law”, as one of the more prevalent proposed regulations deals directly with the usage of cookies. It is the aim of the regulation to simplify the rules regarding cookie usage and to streamline cookie consent. With the new regulation, the consent of non-privacy intrusive cookies will no longer be needed, hopefully improving the internet experience of users. This means that EU websites and websites with EU users will no longer have to display cookie consent pop-ups. However, the user will be able to set browser settings that will enable website users to accept or refuse cookies as well as identifiers as termed by the GDPR. This means that some websites will display pop-ups saying that the user will not be able to visit without cookies.

Direct Marketing

Even though the Commission has now acknowledged the importance of funding free content online for the advertising industry, the new e-Privacy regulation will still undeniably impact the current advertising business model. Spam and unsolicited electronic communications will also fall into this new regulated arena, and Marketing Callers will have to indicate that they are marketing calls to the person being called rather than call from an unknown number. It is known in Brussels that the broadcasting companies, content providers are trying to pull all strings to tame the draft regulation.

Electronic Communications of Legal Persons

The provisions set forth now cover subject matters that are not within the original scope of the regulation, i.e. in terms of the protection of the rights of end-users who are legal persons. According to the provision, electronic communications data may reveal information concerning legal entities such as business secrets of other sensitive information of economic value. These provisions should apply to both natural and legal persons in terms of users of electronic communications services in sending or presenting direct marketing commercial communications. However, this regulation does not apply to the electronic communications data of a deceased person. The regulation – as drafted now – will apply regardless of whether the processing of electronic communications and personal data of end-users occurs in the Union or not, as well as whether the provider or processor is established in the Union or not. However, if the user requests a third-party processor to process their data, that third-party processor will not be covered by this Regulation.

Machine-to-Machine Services

Machine-to-machine (M2M) services are services that involve an automated transfer of data and information between devices and software-based applications with either limited to no human interaction. The conveyance of signals via an electronic communications network required for M2M service constitutes as an electronic communications service and thus in order to order to ensure full protection of rights to privacy and confidentiality, this regulation will apply to the transmission of M2M electronic communications when carried out via an electronic communications service.

What the new e-Privacy regulation means for companies

According to a study done by the French Co-Marketing News, the new Regulation could case companies to lose more than 30% of their Internet traffic. Because of the new cookie related regulations, marketers are looking at a severe loss of consumer data. Previously, marketers purchased data on their targeted consumers for marketing purposes, but with the new required consent of the consumer to the collect of their data, these lists will become much less attractive to companies. Overall, companies will be forced to be more transparent and find new ways in which to approach their consumers data.



bottom of page