The new ePrivacy Regulation is still set to come into force in 2019.

It’s designed to work alongside the General Data Protection Regulation (GDPR), giving businesses added liability around digital privacy. So before it comes in, what is the ePrivacy Regulation 2019 and how can you prepare your business?

A year on from the GDPR deadline, it’s hard to believe that businesses are due another set of digital reglations. Even though the ePrivacy Regulation is still in draft, the reality is that businesses still need to grips with the rules.

With some controversial sections, it’s taken longer than anticipated to sign off, missing its original deadline of 25 May 2018 (but GDPR did make this shared deadline).

What is ePrivacy?

The EU ePrivacy Regulation, whenever it comes in, will align different online privacy rules across EU member states. It’s specifically concerned with digital practices, and covers areas like online marketing, cookies, confidentiality and more.

What’s the difference between ePrivacy and GDPR?

The two regulations have been created to work together, with ePrivacy adding specific requirements around a person’s private life. Whereas the GDPR coverage for this area was more general, ePrivacy goes into detail, making it a legal requirement for privacy to be protected at every stage of an online interaction.

Will the ePrivacy Regulation replace the ePrivacy Directive?

Yes, according to the current draft and official statements. The ePrivacy Regulation is designed to update and replace the current ePrivacy Directive. Right now, the Directive, alongside the GDPR, helps to legally ensure digital privacy for EU citizens.

As a regulation (rather than a directive), the new set of rules will provide a blanket law for all EU member states, and won’t need to be made into individual laws by each specific country.

Cookie law (UK cookie law is changing)

It looks like the ePrivacy Regulation will give a much tighter legal framework for UK law on cookies (along with similar tools that collect data from devices like laptops and smart phones).

To use cookies, businesses will need to prove that they’re necessary for sending communications or ensuring security, or that the user has given consent. This is an area of debate within the draft, and has gone through several suggestions.

When will the ePrivacy Regulation come in?

Not before the end of 2019, but as with GDPR, the key for businesses will be to stay up-to-date (use our Legal & Finance and News hubs to help you) and be ePrivacy-ready ahead of its enforcement. Fines for non-compliance are likely to be as harsh as for GDPR, which runs into the tens of millions at a maximum level.

The ePrivacy Regulation’s latest draft was published in March, and has been approved by the EU Council. Negotiations with the European Parliament will start after the upcoming May 2019 EU Parliament elections.