Privacy Regulation: What You Need to Know About the Next BIG European Data Privacy Law

ePrivacy alongside sister regulation GDPR is set to present stronger privacy rules for electronic communication services and more challenges for tech companies

What is the proposed Regulation?

In early January 2017 the European Commission proposed a stronger regulation on privacy relating to electronic communications to update current legislation and also to bring it in line with GDPR (General Data Protection Regulation which came into effect on May 25, 2018). The bill aims to strengthen the reforms of the EU data protection framework to regulate personal data online. It is also the aim of EU lawmakers to ‘reinforce trust and security within the Digital Single Market’.           

Essentially this means that ePrivacy will govern more stringently electronic communication technologies that EU citizens are using every day. These include Skype, WhatsApp, Facebook messenger, Gmail, iMessage and Viber to name a few. For example, the draft legislation outlines that the aforementioned services will need to obtain prior permission from service users before collecting data or placing tracking codes on user devices. The legislation also wishes to regulate ‘direct marketing communications to end-users’ via email and give internet users more control over the deployment of cookies when browsing online.


European Data Protection Supervisor, Giovanni Buttarelli, argues that “the adoption of the proposed ePrivacy Regulation is crucial to protect the fundamental rights to privacy and the protection of personal data in the digital age”.

Thanks to the enlivened conversation surrounding data privacy in 2018, Europeans are calling for stronger privacy protection online. 92% of respondents to an EU survey on ePrivacy stated that, ‘it is important that personal information (on electronic devices) can only be accessed with their permission’.  The same number of respondents answered that, ‘it is important that the confidentiality of their emails and online instant messaging is guaranteed’.

Andrew Burt, chief data officer at Immuta argues that in terms of data privacy, there is at present a  huge divide as  ‘a few organizations are increasingly in charge of much of our data, which presents a huge danger both to our privacy and to technological innovation’.

ePrivacy legislation will benefit EU citizens and businesses in that users will assert more control over their devices and services which will require their clear consent before cookies are stored. Much like GDPR, one of the most stringent personal privacy legislations in existence, ePrivacy would protect EU citizens from interceptive electronic devices invasively monitoring their daily communication.


ePrivacy legislation was initially anticipated to be implemented on the same day as GDPR came into effect in 2018. However, thanks to strong opposition for the bill, lawmakers have been prevented from setting an exact date. However, the legislation is expected to be adopted in 2019 with European Data Protection Supervisor, Giovanni Buttarelli, noting his is “relatively optimistic’ an agreement can be reached before May this year.


Opponents to the bill argue that it will have far reaching economic impacts and disrupt technological innovation. Large and smaller tech companies are unanimously opposing the bill along with disgruntled advertisement and marketing agencies who rely on current policies to reach consumers. According to the Developers Alliance, a trade group who represent Tech giants Google, Intel and Facebook, the stringent nature of the legislation, could cost businesses more than €550 billion.


The cost of becoming compliant with ePrivacy will be significant. Just like with the enforcement of GDPR businesses will have to prepare to spend substantially on the preparation and implementation of ePrivacy. The draft bill states that fines can represent 4% of annual global income or 20 million euros; whichever amount is higher.  Forrester Research, a U.S. based research company, noted that large companies were budgeting on average $20-$25 million to become GDPR-compliant, with smaller companies allocated on average between $4 to $5 million.

About DiliTrust 

Our technology is compatible with your privacy. As a French owned company, your private data is stored in France, Canada and the UAE and is not subject to U.S. data legislation. Your data stays your own with our secure software solutions.