Menu visibility control



Startup Surgery

Most Recent


Iris Capital launches €250m European tech investment fund


Startup Weekly: Welsh tech accelerator calls for applications, Virgin StartUp partners with WeWork and more

Tech City Voices

Culture. There’s no app for that, Kalanick

Press Releases

‘Connected finance’ app Curve hits £50m spend ahead of UK launch
“Coffee, networking and productivity”: Workspace disruptor ‘Lounge’ launches in London
Kompli-Global’s Technology Will Make Life Harder for Money Launderers

What the proposed revision of the EU ePrivacy Directive means for UK tech firms


Earlier this month, the European Commission published a proposal for regulation that seeks to revise the current EU ePrivacy Directive.

The 35-page proposal is the result of a review of Directive 2002/58/EC (the ePrivacy Directive) called for under the Digital Single Market Strategy. The aim is to ensure users of electronic communications services receive a high level of privacy protection.


Jocelyn Paulley, director at international law firm Gowling WLG, said one of the key takeaways from the proposed revision to the ePrivacy Directive is that it demands companies get user consent before accessing any electronic communications content (or metadata related to this) or information on a user’s device. There would be limited exemptions for billing and performing services requested by the user, though.

What the falling price of sterling means for UK tech firms

“This is justified by the European Commission’s research showing that the vast majority of people view this data as confidential,” Paulley added.

Another key takeaway from the proposal is that rules about marketing consents would stay the same. Companies would also still have to gain consent for the use of any privacy-intrusive cookies.

Consent would not be required, however, for non-privacy intrusive cookies, such as those used for anonymous analytics. Also, website operators could point users to setting cookie controls in their browser, rather than the operator having to create their own controls within the website.

Similarities with GDPR

The revision is designed to ensure consistency between the ePrivacy Directive and the General Data Protection Regulation (GDPR), which will be introduced in May 2018.

The new proposed ePrivacy regulation is a separate to the GDPR, but there are a number of parallels between the two.

“The main concern that they [both pieces of regulation] wish to address is transparency to consumers and protecting consumers from uses of their data of which they are not aware,” Paulley said.


Jocelyn Paulley, Gowling WLG

Both GDPR and the ePrivacy update proposal are designed to harmonise the various data protection laws that exist across the EU.

They are also both ‘regulations’ (not ‘directives’), so they will automatically apply to all EU member states without the need for governments to implement national legislation.

The fines levied for breaking the regulation would be at the same levels as those collected for breaches of the GDPR, plus, the same UK regulator – the Information Commissioner’s Office – would be used for both.

As for when the proposed regulation would be applied, Paulley said: “The European Commission wants this to be law by May 2018 to coincide with the end of the implementation period for GDPR.”

Post Brexit

But will either of the regulations actually apply to the UK once Brexit is implemented and the UK leaves the European Union? For a start, companies outside the EU that provide electronic communications services to EU citizens would be subject to both sets of regulation.

In addition, Paulley said: “The government’s current plan is that the very misleadingly named Great Repeal Bill will convert all European laws into English law, so that all European laws will be law in the UK on the date that the UK leaves Europe.”

The British government will then have the option to revoke or amend this new legislation, but Paulley believes that, as with other laws related to privacy and the internet, “there are strong arguments to maintain harmony with the European approach to simplify the cost of compliance for businesses and unlock the €145bn e-commerce market”.

Enter your email address to receive updates straight to your inbox

* indicates required
Send me news on...

Editor's picks


Iris Capital launches €250m European tech investment fund
posted 6 hours ago

Startup Weekly: Welsh tech accelerator calls for applications, Virgin StartUp partners with WeWork and more
posted 10 hours ago

Culture. There’s no app for that, Kalanick
posted 12 hours ago

startup life

Uber’s CEO resigns, over £368m in UK tech funding, a new $3.3bn fund and more in The Week in Tech
posted 14 hours ago


EXCLUSIVE: London-based Inploi raises £500,000, brings total to £1m
posted on June 22, 2017


UK-founded tech startup Blockchain secures $40m Series B
posted on June 22, 2017