Skip to main content
NormaGrid

ePrivacy Regulation (ePrivacy)

In process Data & Privacy Proposed Regulation
This proposal has been withdrawn and is no longer being pursued. This page is kept for reference.

AI-assisted content notice: this page includes AI-assisted summaries, FAQs, and glossary entries prepared for navigation purposes. Verify the underlying legal text before relying on this content.

Summary

The proposed ePrivacy Regulation was intended to update and replace the ePrivacy Directive, establishing specific rules for the confidentiality of electronic communications in the EU. However, the proposal has been withdrawn and will not enter into force or impose any legal obligations.

Key Points

  • The ePrivacy Regulation was a proposal to replace Directive 2002/58/EC with a directly applicable regulation for electronic communications privacy.
  • It aimed to complement the GDPR by providing specific rules for the confidentiality of electronic communications.
  • The proposal sought to extend privacy rules to over-the-top (OTT) communications services, such as messaging and webmail.
  • It included provisions for the processing of communications content and metadata, generally requiring user consent or limited exceptions.
  • The proposal addressed the use of cookies and similar tracking technologies, as well as rules for unsolicited direct marketing communications.
  • The ePrivacy Regulation proposal has been withdrawn and will not become law.

Key Deadlines

  • — Commission proposal published
  • — Committee referral announced in Parliament, 1st reading
  • — Vote in committee, 1st reading
  • — Committee report tabled for plenary, 1st reading
  • — Request for plenary vote on entering interinstitutional negotiations
  • — Committee referral announced in Parliament, 1st reading
  • — Committee referral announced in Parliament, 1st reading
  • — Proposal withdrawn by Commission

Related Regulations

Frequently Asked Questions

What was the ePrivacy Regulation?

The ePrivacy Regulation was a proposed EU regulation intended to update and replace the ePrivacy Directive with new rules for the confidentiality of electronic communications.

Is the ePrivacy Regulation in force?

No, the ePrivacy Regulation proposal has been withdrawn and will not enter into force.

What would the ePrivacy Regulation have covered?

The proposal would have covered the processing of electronic communications data, the use of cookies and similar technologies, and rules for direct marketing communications.

Does the withdrawal of the proposal mean any new obligations for organisations?

No, since the proposal was withdrawn, it does not create any new legal obligations.

What happens to the current ePrivacy Directive?

The ePrivacy Directive (Directive 2002/58/EC) remains in effect until further legislative changes are made.

Were there any compliance deadlines for the ePrivacy Regulation?

No, as the proposal was withdrawn before adoption, there are no compliance deadlines.

Will there be penalties for non-compliance with the ePrivacy Regulation?

No, since the proposal was withdrawn and never became law, there are no penalties associated with it.

Why was the ePrivacy Regulation withdrawn?

The specific reasons for withdrawal are not detailed here, but the proposal is no longer being pursued.

Should organisations prepare for the ePrivacy Regulation?

No, as the proposal has been withdrawn, organisations do not need to prepare for its requirements.

Does the withdrawal affect the GDPR?

No, the withdrawal of the ePrivacy Regulation does not affect the applicability or requirements of the GDPR.

Key Terms

Electronic Communications Service
A service that enables the transmission of communications (such as voice, text, video, or images) over electronic networks, including both traditional telecoms and OTT services like messaging apps.
OTT Service
Over-the-top (OTT) services are internet-based communications services, such as webmail, instant messaging, or VoIP, that operate independently of traditional telecom networks.
Terminal Equipment
Devices used by end-users to access electronic communications services, such as smartphones, computers, tablets, and smart TVs.
Cookies
Small text files stored on a user’s device by websites or apps, often used for tracking, analytics, or remembering user preferences.
Consent
A freely given, specific, informed, and unambiguous indication of a user’s wishes, required before processing certain types of electronic communications data or using tracking technologies.
Metadata
Data that provides information about other data, such as the time, duration, or location of a communication, but not its content.
Lex Specialis
A legal principle meaning a more specific law (such as the ePrivacy Regulation) takes precedence over a more general law (like the GDPR) in cases of overlap.
Direct Marketing Communication
Any form of unsolicited communication (such as emails, SMS, or phone calls) sent to individuals for commercial promotion or advertising purposes.
Unsolicited Communications
Messages sent to recipients without their prior request or consent, typically for marketing or promotional purposes.
Strictly Necessary Cookies
Cookies that are essential for the basic functioning of a website or app, such as those needed for authentication or security, and which may be exempt from consent requirements.