Communication protection – ePrivacy Regulation 2019

The implementation of the ePrivacy Regulation led to nervousness across the business sector. Business leaders did one of two things; buried their heads in the sand with the hope that the regulation would not affect them or they took action, updated their organisational policies and procedures, hired a DPO, tightened their internet security and formulated an information security strategy and plan.

The ePrivacy Regulation comes into effect right after GDPR as an extension to it. It aims to protect the privacy and confidentiality of communications.

ePrivacy Regulation as an extension to the GDPR

Initially, the ePrivacy Regulation intended to act as an extension to the GDPR, and the two would run simultaneously, but the extra rules and complications involved in the formulation of the ePrivacy Regulation have required some tweaking, updating and gathering of extra privacy-related add-ons to go into this particular chapter of the privacy compliance rulebook.

Role of ePrivacy in communication data

The ePrivacy Regulation impacts communications data. It covers every aspect of communication including WhatsApp, Cookies, Skype, Alexa etc. It does this by gathering explicit consent and transparency about how businesses use this data. The EU ePrivacy Regulation is a new addendum to the rulebook. It is an ever-growing movement towards giving greater powers to consumers on the handling of their online privacy and data.

First concept

The first concept of the ePrivacy Regulation came into place in 2002, along with the birth of the ePrivacy Directive. The ePrivacy Regulation 2019 will repeal the earlier ePrivacy Directive of 2002. The ePrivacy Directive came about initially as a reaction to internet browsing cookies, its pseudonym being the “cookie law”. It had developed since its inception 14 years ago, naturally in line with technology. Back in 2002, nobody envisaged how technology would change the way we communicate today with iPhones being the standard and landlines becoming extinct. The evolution in technology and data-driven business is alarming to many privacy activists. And obviously, privacy rules have to come into play to protect the incredible bulk of personal information gathered on consumers.

The EU ePrivacy 2019 combined with GDPR

The EU ePrivacy Regulation 2019 combined with the GDPR incorporates a multidisciplinary approach to privacy. It will enhance the privileges enshrined in the European Charter of Human Rights, in particular, Article 7 and the correlation with the Charter’s respect for privacy with regulation. The EU ePrivacy Regulation demands specific requirements for consent, the use of cookies and opt-in/opt-out preferences for internet users and online consumers. Article 8 of the Charter relates to the right to data protection as implemented by the GDPR. Hence, the side-by-side nature of the GDPR and the EU ePrivacy Regulations in going the extra mile in protecting data and privacy. You can conduct the PECR audit for your organisation to ensure you can identify your current gaps with respect to the ePrivacy Regulation and take measures to close these gap to become compliant with this regulation.


After GDPR, the ePrivacy Regulation 2019 has brought a list of new rules that businesses must comply with in order to remain compliant. The regulation applies, in particular, to all aspects of marketing concerning cookies, instant messaging apps and any interaction through the “Internet of Things”. The ePrivacy Regulation will only harm organisations (and inadvertently individuals) if they choose to ignore or fail to invest in the necessary compliance requirements and risk incurring penalties.

Hard Facts to know!
Hard facts include the cessation of all cold calling, whether this is by phone, email or text. The trend of unsolicited digital communication is going to end. Similarly, marketers will have to comply with the ePrivacy Regulation. Explicit consent and transparent online privacy policies will be all-encompassing for most businesses. It may appear more of a challenge than it needs to be, as those companies already in the proactive camp will have in place measures to ensure GDPR compliance, the ePrivacy Regulation is merely an extension of this that applies to communications.

In the same vein, where GDPR has enhanced the trust aspect between a compliant company and its customers, the ePrivacy Regulations need embracing. Proactive companies, and marketers in particular, who ensure they show transparency about the consumer data they collect or track will surely gain the trust of their customers.

Involvement of Cookies

Areas for more stringent restrictions are those concerning cookies. Cookies are fundamental for marketing companies who are driven explicitly by displaying advertising, retargeting and paid search campaigns. As they provide invaluable information on what products consumers are looking at. Buying cookie-based advertising accounts for 43% of marketers with this figure likely to drop due to the cookies restrictions under the ePrivacy Regulation. Ultimately, the ePrivacy Regulation provides individuals more choice as to specific cookie preferences through the requirement for consent.

The digital era has impacted profoundly on how people communicate with each other. Statistics show that communicating via app-based software such as Facebook, Messenger and WhatsApp have increased over the past five years. The EU will put the same requirements of care as those placed upon the giant telecommunication providers. As a result, any data collected via these apps including telephone numbers, location information, IP addresses, require the exact level of protection as afforded by the conglomerates, including obtaining consent to retain data no longer needed. Without consent, data is deleted or anonymized.

Technological advances are on the rise with AI machine learning and communications collecting, storing and sharing valuable information. Therefore, it is crucial to ensure the safekeeping of that data and ensure compliance with regulations.

The multidisciplinary approach imposed by the European ePrivacy Regulation will greatly address the growing risk of cybercrime. The ePrivacy regulation stipulates that organisations must ensure their systems are secure, utilizing preventative and detective due diligence. Thereby, they build trust with their users and set a benchmark that serves as a competitive advantage.

Businesses that have not already done so, should immediately implement an internal ePrivacy compliant communications policy. They must also include ongoing monitoring to improve internal functions. And also processes to ensure enhanced legal compliance with the EU ePrivacy Regulation. The policy should include actionable procedures across the board in the event of a cyber attack.

There are considerable benefits in data analysis, data collection and data sharing. Data is gold to marketers. GDPR and ePrivacy Regulation are the brakes to prevent the careless and illegal treatment of this precious resource. Compliance may appear elusive. But, burying one’s head in the sand will only damage an organization, both its reputation and its finances. However, the real danger is risking the privacy of individuals, which every organization will avoid.

Organizations must ensure that they perform a PECR audit. Update all their policies and implement a GDPR & PECR Compliant Cookie Consent Management Solution. They should ensure that they comply with the ePrivacy Regulation.