ePrivacy Directive

The ePrivacy Directive protects confidentiality of electronic communications and regulates the use of cookies and similar tracking technologies. It requires consent for storing information on user devices, prohibits unsolicited marketing communications, and ensures the confidentiality of communications content and metadata.

The ePrivacy Directive complements the GDPR for the electronic communications sector. It protects the confidentiality of communications, prohibiting interception or surveillance without user consent or legal authorization. For cookies and similar tracking technologies, it requires informed consent before placing non-essential trackers on user devices. The directive also regulates unsolicited communications: email marketing requires prior opt-in consent, while telephone marketing may use opt-out depending on member state implementation. Traffic data (who contacted whom, when, from where) and location data receive special protection and may only be processed with consent or when anonymized. A proposed ePrivacy Regulation has been under negotiation since 2017 to update these rules for modern communications services including OTT messaging apps.