ePrivacy Regulation & GDPR

While organisations are only acclimatising to the impacts of GDPR, a new set of regulations focussing on ensuring individual privacy with regard to electronic communications is on the way in the form of the ePrivacy Regulation (ePR).

As the ePrivacy Regulation governs the specific handling of an individual's data with regards to electronic communications, it could override GDPR in some cases.

What is the ePrivacy Regulation?

The ePrivacy Regulation will repeal the current ePrivacy Directive, a legal act of the European Union, and is expected to come into force sometime in the next year. The regulation aims to guarantee the “right to privacy in the electronic communication sector”.

The regulation will work in conjunction with GDPR to further ensure data is handled with care by organisations and will give individuals more control over their internet data. 

It carries the same penalties as GDPR, which means a possible fine of €20 million or 4% of your annual turnover, whichever is larger.

What does ePR cover?

ePrivacy specifically covers electronic communications. This means that, when a data privacy issue is raised regarding communications, regulators will default to ePrivacy for that given instance and not, as you may expect, GDPR.

The proposed regulation not only covers email and SMS but also addresses data privacy in services like WhatsApp, Facebook Messenger, Skype and the complex area of Internet of Things (IoT) devices and applications. What’s more, ePR will also include regulations and tools to protect metadata associated with electronic communications, such as location data.

Will I be able to email an individual at a business?

Article 16.1 of the proposed regulation states: “Natural or legal persons may use electronic communications services for the purposes of sending direct marketing communications to end-users who are natural persons that have given their consent.”

This means emailing an individual at a business would require prior consent, which is in some ways at odds with Recital 4 of GDPR, which states that the regulation respects the fundamental ‘freedom to conduct a business’. It may also conflict with Recital 47 of GDPR, which states that “the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”.

Further clarification on this issue in particular will be needed.

Simpler Cookies?

ePR aims to simplify the use of cookies by requiring internet browsers to give end-users more control over the deployment of cookies on their PC or phone, enabling you to decide what types of cookies are deployed when you set up your browser.

In theory this could mean the end of consent banners when you visit a site, directly affecting things like targeted ads or retargeting ads (the ads which follow you around the internet because you visited a product), but also potentially a lot of the very useful site analytics many organisations use to improve their services for consumers and users.
