What is ePrivacy Directive?
The ePrivacy Directive is an EU directive that regulates the processing of personal data in electronic communications, including rules on cookies, direct marketing, and confidentiality of communications.
The ePrivacy Directive (Directive 2002/58/EC), often called the "Cookie Directive," is a European Union directive that specifically addresses privacy in the electronic communications sector. It complements the GDPR by providing specific rules for electronic communications, including requirements for storing information or accessing information stored on end-user devices (such as cookies), rules on unsolicited marketing communications, and protections for the confidentiality of communications.
The most widely discussed aspect of the ePrivacy Directive is its requirement that websites obtain user consent before placing non-essential cookies or similar tracking technologies on user devices. This has led to the widespread adoption of cookie consent banners across websites accessible to EU users. The Directive also requires that direct marketing via email is only permitted with prior consent (opt-in), with a limited exception for existing customer relationships.
The ePrivacy Directive is being updated through the proposed ePrivacy Regulation, which would replace the directive and align it more closely with the GDPR. Until the new regulation is adopted, member states' implementations of the existing directive remain in force. Organizations must ensure their cookie consent mechanisms and electronic marketing practices comply with local implementations. ConsentIQ helps manage cookie consent compliance and preference management across jurisdictions where the ePrivacy Directive applies.
Relevant Regulations
Related Terms
GDPR (General Data Protection Regulation)
The General Data Protection Regulation is the European Union's comprehensive data protection law that sets strict rules for how organizations collect, store, and process personal data of EU residents, with fines up to 4% of annual global turnover.
Cookie Consent
Cookie consent is the requirement under privacy laws for websites to obtain user permission before placing non-essential cookies or similar tracking technologies on a user's device.
Consent Management
Consent management is the systematic process of obtaining, recording, tracking, and managing individuals' consent for the collection and processing of their personal data in compliance with privacy regulations.
Privacy Notice / Privacy Policy
A privacy notice is a public-facing document that informs individuals about how an organization collects, uses, stores, shares, and protects their personal data, as required by data protection regulations.
Opt-In vs. Opt-Out
Opt-in and opt-out are two consent models in data privacy. Opt-in requires affirmative action before data processing can occur, while opt-out assumes consent unless the individual actively declines.