What is the e-privacy regulation? (1/2)


To most of us, the new General Data Protection Regulation (“GDPR”) seems to be all over the place and the single most important regulatory game changer as of late, but in its wake will also follow many other regulatory changes. One of these is the e-Privacy regulation, which will complement the GDPR in regards of cookies and electronic communications.

In this blog post, we will look at some of the expected impacts on digital businesses in terms of compliancy with new obligations. In part 2, we will discuss the expected new business areas which are likely to be enabled by the regulation.

  • Most noteworthy with the e-Privacy regulation is that it is likely to be connected directly to the hefty sanctions in the GDPR: administrative fines of potentially 4 % of the company’s worldwide annual turnover (or 20 000 000 EUR whichever is higher).
  • The e-Privacy regulation is aware of the privacy issues connected with the widespread use of third-party cookies (which can track users’ online behaviour to a great level of detail), and will therefore impose stricter requirements on the user’s consent the use of cookies. Most likely the conditions for consent under the GDPR will also apply for the e-Privacy regulation, meaning that consent shall be informed, specific and withdrawable.
  • The user shall be reminded of the possibility to withdraw consent at periodic intervals.
  • The e-Privacy regulation will probably also impose requirements on providers of web browsers: they shall provide options to prevent third-party cookies and be more informative about privacy settings.
  • Users should be able to express consent to the use of cookies via settings in their web browsers.

The proposal for the e-Privacy regulation is currently subject to much discussion (in regards of inter alia wifi-tracking of persons, and “tracking walls” demanding that website visitors accept third-party cookies). The aimed for launch date of the regulation, 25th May 2018, is ambitious, and it remains to be seen both if the e-Privacy regulation will become applicable law on this date, and if so, what content it will then have.

From this non-exhaustive look at the proposal for the coming e-Privacy regulation, it is evident that digital businesses will need to assess their current cookie practices and most likely implement changes in the future to be compliant with the applicable rules.

For further information, please contact Ida Häggström or Vencel Hodák.