Menu visibility control



Startup Surgery

Most Recent

Tech City Voices

Making gender pay gap reporting work for tech


Top tech stats: UK FinTech, Brexit, cybersecurity and more


Startup Weekly: Just Eat’s FoodTech cohort, TrueStart’s call for applications and much more

Press Releases

Redbox Digital Gains Prestigious Magento Global Elite Partner Status
More than £1m transacted using Loot in its first 4 months
HT2 Labs receives Series A investment from City & Guilds Group

What the proposed revision of the EU ePrivacy Directive means for UK tech firms



Related articles


Earlier this month, the European Commission published a proposal for regulation that seeks to revise the current EU ePrivacy Directive.

The 35-page proposal is the result of a review of Directive 2002/58/EC (the ePrivacy Directive) called for under the Digital Single Market Strategy. The aim is to ensure users of electronic communications services receive a high level of privacy protection.


Jocelyn Paulley, director at international law firm Gowling WLG, said one of the key takeaways from the proposed revision to the ePrivacy Directive is that it demands companies get user consent before accessing any electronic communications content (or metadata related to this) or information on a user’s device. There would be limited exemptions for billing and performing services requested by the user, though.

The European Commission’s Digital Single Market explained

“This is justified by the European Commission’s research showing that the vast majority of people view this data as confidential,” Paulley added.

Another key takeaway from the proposal is that rules about marketing consents would stay the same. Companies would also still have to gain consent for the use of any privacy-intrusive cookies.

Consent would not be required, however, for non-privacy intrusive cookies, such as those used for anonymous analytics. Also, website operators could point users to setting cookie controls in their browser, rather than the operator having to create their own controls within the website.

Similarities with GDPR

The revision is designed to ensure consistency between the ePrivacy Directive and the General Data Protection Regulation (GDPR), which will be introduced in May 2018.

The new proposed ePrivacy regulation is a separate to the GDPR, but there are a number of parallels between the two.

“The main concern that they [both pieces of regulation] wish to address is transparency to consumers and protecting consumers from uses of their data of which they are not aware,” Paulley said.


Jocelyn Paulley, Gowling WLG

Both GDPR and the ePrivacy update proposal are designed to harmonise the various data protection laws that exist across the EU.

They are also both ‘regulations’ (not ‘directives’), so they will automatically apply to all EU member states without the need for governments to implement national legislation.

The fines levied for breaking the regulation would be at the same levels as those collected for breaches of the GDPR, plus, the same UK regulator – the Information Commissioner’s Office – would be used for both.

As for when the proposed regulation would be applied, Paulley said: “The European Commission wants this to be law by May 2018 to coincide with the end of the implementation period for GDPR.”

Post Brexit

But will either of the regulations actually apply to the UK once Brexit is implemented and the UK leaves the European Union? For a start, companies outside the EU that provide electronic communications services to EU citizens would be subject to both sets of regulation.

In addition, Paulley said: “The government’s current plan is that the very misleadingly named Great Repeal Bill will convert all European laws into English law, so that all European laws will be law in the UK on the date that the UK leaves Europe.”

The British government will then have the option to revoke or amend this new legislation, but Paulley believes that, as with other laws related to privacy and the internet, “there are strong arguments to maintain harmony with the European approach to simplify the cost of compliance for businesses and unlock the €145bn e-commerce market”.

Enter your email address to receive updates straight to your inbox

* indicates required
Send me news on...

Editor's picks

gender pay reporting

Making gender pay gap reporting work for tech
posted 7 hours ago

tech stats

Top tech stats: UK FinTech, Brexit, cybersecurity and more
posted on April 22, 2017

startup weekly

Startup Weekly: Just Eat’s FoodTech cohort, TrueStart’s call for applications and much more
posted on April 21, 2017

Divido EP winner

Meet our FinTech Startup of the Year: Divido
posted on April 21, 2017


GP Bullhound: UK’s ranking in FinTech declines slightly as China takes the lead
posted on April 21, 2017

TWIT 21.04

Nauta Capital’s $100m raise, Cera’s £1.4m Seed top up, Appear Here’s US expansion and more in the Week in Tech
posted on April 21, 2017