Menu visibility control



Startup Surgery

Most Recent

Tech City Voices

Spring Budget 2017: The key takeaways for tech entrepreneurs


Top tech stats: Job automation, driverless cars and much more


Startup Weekly: Nesta’s £5m prize fund, Digital Catapult and Seedcamp’s VR cohort and much more

Press Releases

Starling Bank unveils beta as it begins roll out to first customers
VentureFounders surpasses £40m funding mark in 2 years of operation
Software testing leader TestPlant appoints Dr. John Bates as CEO

What the proposed revision of the EU ePrivacy Directive means for UK tech firms


Earlier this month, the European Commission published a proposal for regulation that seeks to revise the current EU ePrivacy Directive.

The 35-page proposal is the result of a review of Directive 2002/58/EC (the ePrivacy Directive) called for under the Digital Single Market Strategy. The aim is to ensure users of electronic communications services receive a high level of privacy protection.


Jocelyn Paulley, director at international law firm Gowling WLG, said one of the key takeaways from the proposed revision to the ePrivacy Directive is that it demands companies get user consent before accessing any electronic communications content (or metadata related to this) or information on a user’s device. There would be limited exemptions for billing and performing services requested by the user, though.

FinTech top tips: How to prepare for new EU financial instruments regulations

“This is justified by the European Commission’s research showing that the vast majority of people view this data as confidential,” Paulley added.

Another key takeaway from the proposal is that rules about marketing consents would stay the same. Companies would also still have to gain consent for the use of any privacy-intrusive cookies.

Consent would not be required, however, for non-privacy intrusive cookies, such as those used for anonymous analytics. Also, website operators could point users to setting cookie controls in their browser, rather than the operator having to create their own controls within the website.

Similarities with GDPR

The revision is designed to ensure consistency between the ePrivacy Directive and the General Data Protection Regulation (GDPR), which will be introduced in May 2018.

The new proposed ePrivacy regulation is a separate to the GDPR, but there are a number of parallels between the two.

“The main concern that they [both pieces of regulation] wish to address is transparency to consumers and protecting consumers from uses of their data of which they are not aware,” Paulley said.


Jocelyn Paulley, Gowling WLG

Both GDPR and the ePrivacy update proposal are designed to harmonise the various data protection laws that exist across the EU.

They are also both ‘regulations’ (not ‘directives’), so they will automatically apply to all EU member states without the need for governments to implement national legislation.

The fines levied for breaking the regulation would be at the same levels as those collected for breaches of the GDPR, plus, the same UK regulator – the Information Commissioner’s Office – would be used for both.

As for when the proposed regulation would be applied, Paulley said: “The European Commission wants this to be law by May 2018 to coincide with the end of the implementation period for GDPR.”

Post Brexit

But will either of the regulations actually apply to the UK once Brexit is implemented and the UK leaves the European Union? For a start, companies outside the EU that provide electronic communications services to EU citizens would be subject to both sets of regulation.

In addition, Paulley said: “The government’s current plan is that the very misleadingly named Great Repeal Bill will convert all European laws into English law, so that all European laws will be law in the UK on the date that the UK leaves Europe.”

The British government will then have the option to revoke or amend this new legislation, but Paulley believes that, as with other laws related to privacy and the internet, “there are strong arguments to maintain harmony with the European approach to simplify the cost of compliance for businesses and unlock the €145bn e-commerce market”.

Enter your e-mail address to receive updates straight to your inbox

* indicates required
Send me news on...

Editor's picks

Big Ben Spring Budget 2017

Spring Budget 2017: The key takeaways for tech entrepreneurs
posted 16 hours ago

jobs automation top tech stats

Top tech stats: Job automation, driverless cars and much more
posted on March 25, 2017

Startup Weekly

Startup Weekly: Nesta’s £5m prize fund, Digital Catapult and Seedcamp’s VR cohort and much more
posted on March 24, 2017

London skyline

FinTech startup Quantexa lands $3.3m Series A led by Albion Ventures and HSBC
posted on March 24, 2017

The North of England

The top tech hubs in the North of England
posted on March 24, 2017

TWIT Emily 23.03.17

A $30.4m Series B, a £120m AI fund, a Mario Kart hack and more in The Week in Tech
posted on March 24, 2017