What is the ePrivacy Regulation all about?

What is ePrivacy Regulation

We are already living in the future. Humans attacking robots, fridges leaking your passwords, mattresses that can tell you if your partner is cheating on you.  There are even dolls listening to your children and social networks experimenting with your moods. What should the “digital future” look like in terms of privacy? That’s what the ePrivacy Regulation means to define. Discover what the ePrivacy Regulation is all about and what it intends to bring.

GDPR is not sufficient

After the adoption of the General Data Protection Regulation (GDPR), the EU has been benefitting from a (semi) harmonized set of rules to regulate personal data usage.

Article 8 of the European Charter of Human Rights actually inspired the GDPR. It protects the right to respect for one’s “private and family life, his home, and his correspondence”. In a way, it is its transposition into digital life, meant to cover personal data.

But what about your right to privacy and the confidentiality of your communications? Although the GDPR covers a wide range of uses of your personal data, nothing was provisioned to reflect Article 7 of the charter, which enforces respect for a person’s private life, and expands it in the digital field.

What is the ePrivacy Regulation?

Before the ePrivacy Regulation, the ePrivacy Directive was added in 2002 and amended in 2009. Its official name is “Privacy and Electronic Communications Directive 2002/58/EC’’, and it is not a binding law. But it obliges each EU member state to put in place the appropriate regulations to comply with it. Soon, the ePrivacy Regulation will replace it. The first draft was issued in 2017, and it is currently in its final phase of preparation.

The ePrivacy Regulation provides further explanations of some of the concepts that had been discussed in the General Data Protection Regulation. Specifically, it clarifies the notions of unsolicited marketing, cookies and confidentiality.

The ePrivacy Directive used to address traditional communications services operators, exploiting phone lines and SMS. Whereas the ePrivacy Regulation adds email providers to them, but also over-the-top (OTT) services like WhatsApp and Skype, and, even more importantly, machine-to-machine transmissions (IoT devices).

The ePrivacy Regulation won’t allow marketers to send emails or SMS without the explicit permission of the individual concerned.

It will also harden cookies’ use rules. Basically, the ePrivacy Regulation will prohibit all of them, except the ones required:

  • To ensure the communication service;
  • For the sole purpose of audience measuring;
  • To ensure a service requested by the end-user;
  • Or explicitly allowed by the end-user.

Also, from now on, websites will no longer have to ask users for permission to use cookies, as stipulated by the GDPR. The possibility to use cookies and the limits of this permission will now be managed in the user’s software and browser. The user will only have to set once and for all the latitude that he allows websites to use his personal data. This setting will override the consent given in pop-up windows that ask users to specify how websites can use their cookies.

What is the difference between the GDPR regulation and the ePrivacy Regulation?

1/ The GDPR applies only to the personal data of individuals, while the ePrivacy Regulation covers legal entities (meaning individuals, companies, and associations as well).

2/ The GDPR only covers Internet traffic data. The ePrivacy Regulation adds electronic communications content (meaning SMS, voice messages, videos, and images) and electronic communications metadata, which can retrace a communication (origin, destination, location, time, duration, …).

3/ The ePrivacy Regulation is legally binding in each EU member state. Like the ePrivacy Directive, the GDPR needed to be implemented through local bills adoption.

4/ Both the GDPR and the ePrivacy Regulation aim to cover the EU data protection. But the ePrivacy Regulation adds some specifications to the RGPD. This means the ePrivacy Regulation is more specialized than the RGPD, and it overrides it.

What will ePrivacy Regulation actually bring?

The updated ePrivacy Regulation will deal with new aspects. I will include the Internet of Things, communication via messengers like WhatsApp, Signal, Facebook Messenger etc, tracking walls, and who can read your emails or access your devices. Should your email provider read your email to show personalized advertising? (Spoiler: it shouldn’t.) What about WhatsApp using your contact list to suggest new friends on Facebook? Should newspapers know what you read and which other websites you visit?

By not having strong privacy laws, many Internet behemoths control us and benefit from the millions of Europeans who can access the internet. By ensuring that e-Privacy Regulation goes beyond what the current legislation does, we can set higher standards for the EU. It will indirectly concern the rest of the world. Let’s take our ePrivacy back !

Mailfence and the fight for online privacy

By design, Mailfence helps users to reclaim their online privacy, and we support the ePrivacy legislation. We also support organizations like EDRI and EFF.

Beyond being just another privacy-friendly email service, our Mailfence email suite is the best way to start a wide ePrivacy experience. It will help you degoogle your life, with a range of collaborative features :

All these services are secure and private. Want to test their simplicity of use and their user-friendliness? Sign up now for a free account!

Get your secure email
Share This Article
Avatar for Patrick De Schutter

Patrick De Schutter

Patrick is the co-founder of Mailfence. He's been a serial entrepreneur and startup investor since 1994 and launched several pioneering internet companies such as Allmansland, IP Netvertising or Express.be. He is a strong believer and advocate of encryption and privacy. You can follow @pdeschutter on Twitter and LinkedIn.

You may also like...