Proposed ePrivacy Regulation

The ePrivacy Directive (Directive 2002/58/EC), also nicknamed the “Cookie Directive” because of its rules on storing and accessing data on a users’ device, such as so-called Internet cookies, is a directive primarily regulating the processing of personal data in the electronic communications sector, i.e. by telecommunications providers. The ePrivacy Directive (ePD) is of importance to the digital advertising industry because of the aforementioned rules on cookies, which are of general application and not limited to the electronic communications sector. Cookies play an important role in websites delivering a personalised experience, including relevant advertising. The ePrivacy Directive stipulates that member states must create rules that require website operators to inform the user concerned about the use of cookies and obtain their consent for the use of (most) cookies. Now, the Commission has proposed repealing and replacing the Directive with an ePrivacy Regulation. As a matter of EU law, Regulations can be relied upon directly by citizens, meaning that EU Member States no longer have a role in interpreting its application to fit within their national legal order. In its current form, the Regulation would require the consent of users in line with the rules of the General Data Protection Regulation for the lawful use of cookies, advertising identifiers (e.g. IDFA and AAID), device fingerprinting, etc. to collect information (not just personal data) and to deliver targeted advertising. The proposed Regulation would also mandate browsers and other software to provide the option to actively prevent data collection through cookies et al., and to force users to make a choice as to their privacy preferences during installation. This would be the case not just for web browsers, but for any application or device which can connect to the internet. For more information on the political and legal aspects of the proposal, check out IAB Europe’s ‘Cookie Regulation FAQ’, along with IAB Europe’s (updated: October 2018) position paper on the proposed ePrivacy Regulation below.

Lines (1)