Younger brother of GDPR, meet ePrivacy

Younger brother of GDPR, meet ePrivacy
4 Február 2019

Younger brother of GDPR, meet ePrivacy

Regulation on Privacy and Electronic Communications, also known as the ePrivacy regulation, is not nearly as known as the GDPR. But they are not completely foreign to each other.

GDPR's close relationship with ePolicy

Both European regulations belong to the same regulatory package. The main reason for their occurrence is to increase the protection of the personal data of individuals, as they are becoming more and more commercialized, which brings with it additional security risks. Even the aforementioned regulations were to enter into force at the same time, namely on 25 May 2018. However, this did not happen. Unlike the already approved and used GDPR, the final version of ePrivacy is still unknown. The ePrivacy Regulation is currently in the trialogue, part of the legislative process where representatives of the Commission, Parliament and Council are unofficially negotiating.

Secrecy of post online

The ePrivacy Regulation is a special regulation that serves as a complement to the already known GDPR. Although the general regulation of ePrivacy can also be found in the GDPR, the ePrivacy Regulation itself specifies some treatment of personal data. For this reason, the ePrivacy Regulation will take precedence over GDPR in this area of ​​electronic communications. It is important to keep in mind both regulations when adapting to the new legislation. This means that if your business is within the scope of ePrivacy, the GDPR will also apply to you. While GDPR speaks primarily of protecting individuals, ePrivacy should address the confidentiality of electronic communications by natural and legal persons. The main goal of ePrivacy is to create an online letter secret.

Both regulations include directly applicable rules. However, these cannot be adapted by European states to any interests. ePrivacy seeks to legally address the rapidly evolving online communication technologies and to adapt the national laws of the EU to this. Many of them do not regulate normal activities at all, even when they use personal data to a large extent.

Who is affected by ePolicy?

The current ePrivacy Directive is inadequate because it only refers to traditional telecommunications operators. Although SMS services or phone calls must meet certain security standards, the same services provided over the Internet are not regulated at all. For this reason, the ePrivacy Regulation will extend the range of obliged entities.

These will include providers of Internet calling services (VoIP), operators of applications transmitting audiovisual content via the Internet (OTT services - over-the-top services), such as WhatsApp, Viber, Skype, but also Facebook Messenger and Internet TV ( Netflix). In addition, ePolicy will also affect cafes with Wi-fi. It will reach providers of public and semi-private Wi-Fi networks or companies producing devices communicating over the so-called Internet of Things.

End of cookies and restricted spam

Almost every newly visited website wants you to consent to the storage of cookies. In some cases, you may not even be able to use the page until you confirm this by clicking. Thus, the ePrivacy Regulation will come with the option of a comprehensive search engine setting that will be binding on all pages visited.

We can expect tightening also in the conditions for unsolicited commercial announcements, which often end up as spam. You will now need to obtain the user's consent to receive such offers. However, you will be able to withdraw it at any time.

The information will be confidential

In addition to protecting the message content itself, the new ePrivacy Regulation will also address metadata, ie data derived from the communication itself. These include dialed numbers, browsing history, location, time and date of communication, call time, and more. All this data may be commercially misused and will therefore be treated as confidential. It should even be forbidden to interfere in any way with their communication (by human intervention or by means of computer algorithms, etc.) without the consent of all communicating parties. Without the consent, it will not be possible to monitor the content of electronic communications and metadata about them, such as the websites visited, the length of the visit and their subsequent interaction with other entities.

The GDPR and ePrivacy regulations place the greatest emphasis on giving consent to processing, which they regard as an essential tool and a safeguard for the protection of individuals and their privacy. It is therefore important to pay attention to when, in what form and for what activities you will need to obtain such end-user consent.

Contact form

Preparation of Security Documentation in terms of GDPR from 139€ with insurance.

osobnyudaj.sk, s.r.o. Námestie osloboditeľov 3/A,
040 01 Košice

Non-binding free quote

from € 139 with insurance

We have provided services
to more than
11 500 clients

Free quote

Questions and answers

Dear client, if you have not found
what you are looking for, do not hesitate
to contact us.

To contact