Guide to ePrivacy Regulation: What Every Individual Should Understand

Home | Blog | Guide to ePrivacy Regulation: What Every Individual Should Understand

The ePrivacy Regulation is a new law that will protect our privacy and confidentiality when we use electronic communications in the EU. It will replace the old ePrivacy Directive, which was outdated and inconsistent across different countries. 

Together with the GDPR, the ePrivacy Regulation will further strengthen the privacy of information. The GDPR is the main data protection law in the EU that ensures personal data protection.

Electronic Communication Affected by the ePrivacy Regulation

The new EU ePrivacy Regulation will apply to any form of electronic communication, such as text messages, phone calls, online shopping, or social media. It will affect anyone who provides or uses these services, such as:

  1. Messaging apps like WhatsApp, Facebook, and Skype
  2. Businesses that send direct marketing messages
  3. Websites that use cookies or other tracking technologies
  4. Apps that involve electronic communication
  5. Internet service providers and telecom companies

Why was the ePrivacy regulation introduced?

The ePrivacy Regulation will give us more control over our online privacy and prevent unwanted tracking, spamming, or hacking. It will also make it easier for us to access and use different services across the EU, without having to worry about different rules or standards.

This new privacy regulation is not yet in force, but it is expected to become law soon. It was first proposed in 2017 and has gone through several changes since then. It is now in the final stage of negotiations between the EU institutions and the member states. Once it is agreed upon, it will be directly applicable in all EU countries, without needing to be adopted by national laws. However, some minor adjustments may be made by each country to clarify or specify certain aspects of the ePrivacy Regulation.

The ePrivacy Regulation: What it applies to and what it does not

The ePrivacy Regulation is a new law that will affect how online communication and data are handled. It will replace the old ePrivacy Directive, also known as the ‘Cookie Law,’ which was more limited in scope. The ePrivacy Regulation will apply to both traditional and modern forms of electronic communication, such as phone calls, emails, texts, and social media messages. It will also cover machine-to-machine communication, such as the Internet of Things (IoT).

The ePrivacy Regulation will have stricter rules for obtaining consent from users than the current ePrivacy Directive. It will cover the following key areas:

Electronic Communication

The ePrivacy Regulation will include new forms of communication that were not covered by the old Directive, such as messaging apps like WhatsApp and Facebook Messenger, and voice-over-internet protocol (VoIP) services.


This privacy regulation aims to change how users can give or refuse consent for cookies and other online identifiers. Instead of having to consent to cookies on every website, users will be able to set their preferences through their browser settings. This will make it easier for users to control their online privacy.

However, some cookies that are necessary for technical reasons, such as keeping items in a shopping cart, will not require consent. On the other hand, cookies that are used for tracking, such as for advertising purposes, will still require consent.


The privacy law will provide stronger protection against spam, such as unwanted text messages, emails, and phone calls. Marketers will have to show their contact details or a special code when they make promotional calls.

Direct Mail

The ePrivacy Regulation will require consumers to give explicit consent before they receive any marketing material from a business. They will also have the option to opt-out at any time through unsubscribe messages.


The law will also affect the metadata of electronic communication, which is the data that describes other data, such as the author, date, and location of a message. Metadata will have to be anonymized or deleted unless users give their consent, except when the data is needed for billing purposes.

Cookie Walls

Cookie Walls are websites that block access to their content unless users agree to the use of cookies. The ePrivacy Regulation will aim to ban cookie walls. However, cookie walls may be allowed under the ePrivacy Regulation if users have a choice between paying for a service or agreeing to cookies, and if they are given clear, simple, and user-friendly information about the use of cookies on the website.


The ePrivacy Regulation is crucial for overseeing the confidentiality and privacy of electronic communications. It aims to protect sensitive information exchanged in such communications, covering personal details like health, sexual preferences, and political views. 

This new regulation also addresses the control of metadata, revealing information like dialed numbers, visited websites, location, and activity timestamps. This metadata can expose private aspects of individuals’ lives, including relationships, routines, habits, interests, and preferences. The ePrivacy Regulation applies to both individuals and legal entities, safeguarding against potential personal harm, financial losses, and the disclosure of sensitive business information.