The EU ePrivacy Regulation

Our comprehensive commentary on ePrivacy Regulation

In the ever-evolving digital landscape, businesses are facing a multitude of legal requirements and regulations:

  • ensure compliance
  • protect personal data
  • foster fair competition

This is especially important when dealing with personal data and thus ePrivacy issues. To assist businesses in navigating this complex terrain, with we are offering a comprehensive commentary. This covers all key aspects of law that touches ePrivacy, data protection, electronic communication and digital markets in the European Union (EU):

"The EU ePrivacy Regulation - Preliminary Guidance and Commentary" by Dr. Paul Voigt and Dr. Axel Frhr. von dem Bussche.

This insightful commentary offers preliminary interpretations of the ePrivacy Regulation. It also provides practical recommendations to help businesses prepare for the anticipated legal situation. Thus, it enables them to understand the potential impacts on their operations.

Read our blog: The EU ePrivacy Regulation

Preliminary guidance and commentary

Visit our blog on ePrivacy Regulation
Visit our blog on ePrivacy Regulation

Background to the EU ePrivacy Regulation: GDPR and protection of personal data

The planned ePrivacy regulation, also known as the “Regulation concerning the respect for private life and the protection of personal data in electronic communications” is an important piece of European Union legislation for EU countries. It strengthens data protection and safeguard the privacy of users in the digital world. It complements the General Data Protection Regulation (GDPR) and sets down specific and GDPR-compliant rules for the processing of personal data in electronic communications.

The main objective of the new ePrivacy regulation is to ensure the privacy protection of users’ when using technology in form of electronic communication services. It covers various forms of communication such as:

  • emails
  • SMS
  • telephone calls
  • VoIP

Other similar services are covered as well. The regulation provides strict rules for businesses and specifically for the collection, use, storage and disclosure of personal data and information by communications service providers. To guarantee a certain level of privacy protection, it ensures that users’ consent is required for the processing of their data and that appropriate security measures are taken to ensure the confidentiality of communications.

The new EU regulation is a response to increasing digitization and the growing need of data protection. It helps to increase trust in companies and their digital services. This way it improves the protection of personal data. Companies providing electronic communications services must comply with the provisions of the regulation to avoid legal consequences and financial penalties.

ePrivacy: current status

The ePrivacy Regulation has gone through a lengthy and complex legislative process. It was originally set to enter into force at the same time as the General Data Protection Regulation (DGPR) on 25 May 2018. However, the EU Member States have so far not been able to agree on a draft for the new regulation. This has obviously resulted in delays.

Since the publication of the first draft of the ePrivacy Regulation by the EU Commission in January 2017, various amendments and discussions have taken place. The EU Parliament adopted an amended draft, and drafts from various EU Council presidencies followed. Some proposals have been made to work towards a compromise, but no binding draft text has been adopted yet.

Three-way negotiations are currently underway between the EU Commission, the Parliament and the Council of the European Union to reach agreement on the final text of the regulation. The Portuguese Council Presidency has played an important role in this. It tried to convince the Member States to press ahead. However, due to some outstanding sticking points, the entry into force of the e-Privacy Regulation cannot be expected before the end of 2023.

Despite the delays, it can be helpful for companies and organisations to start addressing the requirements of the ePrivacy Regulation now. Experience with the General Data Protection Regulation (GDPR) has shown that early preparation for new data protection laws is crucial.
Updates and live-commentary on ePrivacyRegulation

We are a leading international tech law firm. Our mission is to continuously inform the public about important legal developments in ePrivacy. For this purpose, we would like to offer you "", a live commentary that analyses the ePrivacy Regulation article by article.

Visit our blog "" and keep up to date with the latest developments surrounding the ePrivacy Regulation. Do you have questions or comments on our commentary? Dr. Paul Voigt and Dr. Axel Frhr. von dem Bussche answer your questions and help you implement the data protection regulations.

FAQ on the ePrivacy regulation

What is the ePrivacy Regulation?

The ePrivacy Regulation is a European Union (EU) Regulation that specifically regulates the protection of privacy in electronic communications. It complements the General Data Protection Regulation (GDPR) and covers issues such as cookies, direct electronic marketing, data transfer and confidentiality of communications.

When does the ePrivacy Regulation come into force?

The exact date on which the ePrivacy Regulation will enter into force is not yet clear. Originally, it was planned that it would enter into force at the same time as the GDPR in May 2018. However, there were delays in the negotiations and the exact date is still subject to discussions and negotiations.

What is the current status of the ePrivacy Regulation?

The current state of play regarding the ePrivacy Regulation is that negotiations are still ongoing. There is not yet a final text or date of entry into force. The regulation has been revised several times. But there is still disagreement on certain aspects, in particular regarding the rules on cookies and confidentiality of communications. It is expected that negotiations will continue in the coming months.

Does the ePrivacy Regulation apply to non-EU companies?

Yes, the ePrivacy Regulation, like the General Data Protection Regulation (GDPR), has extraterritorial scope, meaning it can apply to companies outside the European Union (EU) under certain conditions.

Read our blog: The EU ePrivacy Regulation

Preliminary guidance and commentary

Visit our blog on ePrivacy Regulation
Visit our blog on ePrivacy Regulation