E-Privacy Regulation

19 February 2020

In January 2017, the European Commission published an initial proposal for an E-Privacy Regulation (ePR), to update and replace the E-Privacy Directive (2002/58/EC).

The proposed regulation has some worrying changes:

• the soft opt-in that allows marketers to use electronic marketing to existing customers will be time-limited to 12 months;
• websites will need to have functionality to facilitate individual and specific consent;
• all live marketing calls and B2B marketing will need prior consent.

It’s also intended to extend the the rules so that they apply to all electronic communications service providers, including WhatsApp, Facebook Messenger, Skype, Gmail, iMessage and Viber.

The Commission’s original intention was for the ePR to come into force on 25 May 2018, to coincide with the GDPR’s becoming effective. This date has come and gone, and the draft regulation has still not been finalised. It is now expected that the Commission will present a revised proposal on the draft ePR in the first half of 2020.

If adopted, the ePR will apply in member states two years after the date of its entry into force. It seems likely that the standstill transitional arrangements that currently govern the UK-EU relationship will have expired, before the new rules must be applied. However, the ePR’s proposed territorial scope means it may remain relevant to many UK businesses, and the UK may accordingly look to mirror its provisions in order to assist with adequacy status.