All or any e-privacy, directive, act or regulation is massively overdue, this we saw with the general data protection regulation ( GDPR ) that came in to force May 2018. That regulation was an update to the data protection directive 95/46/EC, implemented in 1998. Not only 20 years old, but also as being only a directive, it had been enforced differently across Europe. Another long overdue directive is what we know has the Privacy and Electronic Communications Directive 2002 ( ePrivacy Directive, ePD ).

The media has covered the GDPR extensively in the last year, and companies have scrambled to get compliant. For some, it was too late, and European supervisory authorities have issued fines. €50 million fine to Google from the French through CNIL so far the biggest. In that sense, it has made an impact, but it is still in the early stages of efficiency in terms of policing the regulation. This directive was a continuation of the data protection directive and has increased focus on cookies, spam, the confidentiality of information, data traffic treatment, and similar. An amendment was made in 2009 to cover more in terms of cookies (and that's why we have those annoying popups). The next step now, as with the introduction of GDPR, is the ePrivacy Regulation or ePR. Again a regulation, so it becomes a legal act that goes into effect immediately in all EU states. It was meant to go into effect at the same time as the general data protection regulation, but it was put on hold, as there were substantial discussion and lobbying from prominent industry players. Moreover, when the draft was published, it was too late. The GDPR got main priority, which also delayed the ePrivacy regulation.

ePR & GDPR similarities?

While the GDPR aims to protect your Personal data, the ePR focuses on protecting your personal privacy based on electronic communication. It is essential to understand this difference between the two regulations as it for many will sound the same; however they are dependant on each other.



The GDPR overrides the ePR, and it will complement it in matters where electronic communications data that is personal and supposed to be private. Meaning that the GDPR is the main regulation.



Examples of these are such as consent for cookies and opt-outs. It will make the GDPR a sturdier regulation and cover more areas.

What does the ePR cover?

Being that the IT-based space is evolving at the pace, it is doing the need to update and modernize accordingly, the laws regulating the use of electronic communication.



It states that all communication should be protected.



The method of communication doesn't matter, whether it is sent via satellite, wire, radio, fixed networks, to mention some. The ePrivacy regulation protects it regardless.



The proposed services that the ePR should apply specifically to is: confidentiality, online marketing, and cookies.

Confidentiality

As a general principle, all communication providers should secure their customer data with the latest and best technology available.



Companies such as Facebook, with Whatsapp and Messenger, Skype, and Google through Gmail need to protect their user's data as good as any other service provider.



If a physical company locks its employee's information away for prying eyes with the best available methods, a website or app must make the same effort.



All metadata needs the same treatment as the actual content.

Online Marketing

Emails and text messages are included and need consent before being used.



In essence, as it is now with the consent article (art. 7) in the GDPR, all marketers need to have specific approval from every person they send any marketing.

Cookies

The rules for how cookies work on websites will get simpler.



Cookie settings now will more easily be set in the browser settings.



Also, there will be no need to consent to non-privacy cookies that improve the internet experience, such as cookies to track how many people visit a website.

Other Elements

There is also outlined in the regulation a stronger protection against spam.



Hidden numbers for marketing will not be allowed, and automated calling and SMS services and unsolicited email communication will be banned.



For business owners, asking and getting explicit consent from the customer will now open new doors for business opportunities. Websites can use, for example, heat-maps that tell about the user's interaction with the pages.



IoT or the Internet of Things network will also now get higher scrutiny of cover. The number of devices we keep at home that we connect to the internet is increasing rapidly. The communication between these devices must be encrypted and protected.

Amazon Alexa - Internet of Things