The e-Privacy Regulation (ePR) is an upcoming European Regulation that should replace the current, outdated e-privacy directive (directive 2002/58/EC). The changes mainly focus on improving the security and confidentiality of digital means of communication and establishing clearer rules about tracking technologies, such as cookies.
The new e-privacy legislation comes into being as a Regulation, the current e-privacy legislation is a directive. The difference between these thow is that a Regulation is directly applicable within all member states. This means that citizens can directly invoke this European law. With directives, member states must first transpose this European law into national law. This takes time.
The Regulation focuses on modern technologies. It focuses primarily on companies that communicate online, use tracking technologies and direct marketing. Today, most companies will fall under this. For example, the regulation is not only about communication via the internet and the mobile network, but also about internet applications (such as Skype), services from internet providers, big data applications, wifi tracking and privacy-by-default. The Regulation also greatly revised the current cookie legislation. The e-Privacy Regulation is likely to have significant consequences for the content of the cookie statement and banner. Clarification and simplification will be the most important goals here.
The e-Privacy Regulation is intended as “lex specialis” for the GDPR. This means that the e-Privacy Regulation will go beyond the GDPR. The e-Privacy Regulation can be seen as a more specific regulation, which further elaborates the somewhat general terms and frameworks of the GDPR. This specifically with regard to electronic communication data.