By K Royal It seems that every time we turn around, a country, regulator, or legislator in Europe
is issuing a new law, rule, directive, guidance, or legislation that changes (and strengthens)
the way companies handle personal data. The newly proposed Regulation of Privacy and
Electronic Communications (the ePrivacy Regulation)
1 is no different. We saw a leaked draft2
back in December, shortly followed by an official draft in January 2017. The ePrivacy Regulation
will replace the existing Directive 2002/58/EC (also known as the Cookie Laws). The update is
intended to harmonize current ePrivacy laws and ensure that they align with the General Data
Protection Regulation (GDPR), with an ambitious effective date of the May 25, 2018 — the same
effective date as the GDPR.
■ ■ The new age. The European
Commission is becoming
increasingly focused on ensuring
stronger online privacy protection,
simpler rules for cookies,
and transparent marketing
via phone, email, or text.
■ ■ In the process. The draft
regulation intends to apply
to three types of service
categories: ( 1) internet
access, ( 2) interpersonal
communications, and ( 3) other
services comprising wholly or
mostly of signal conveyance.
■ ■ Level of consent. Recent
changes to ePrivacy regulations
in the European Union state
that privacy will be guaranteed
for both content and metadata.
This means that all data must
be deleted or anonymized
unless otherwise provided
with the end-users’ consent.
■ ■ Back to market. Under the
proposed ePrivacy regulations,
end-users are to be provided
with the ability to identify,
block, and unsubscribe to