The ePrivacy Directive is a European Union directive that regulates the processing of personal data and privacy in the electronic communications sector.
The Directive was adopted by the European Parliament and Council on April 13, 2002, and it came into force on September 25, 2002. The main objective of the Directive was to create a single market for electronic communications services across Europe by harmonizing national laws which regulate the use of personal data in those services. It has been amended several times since its adoption: most recently on July 14, 2014 with Directive 2002/58/EC amending Directive 2002/21/EC on Privacy and Electronic Communications (ePrivacy Regulation).
The purpose of the ePrivacy Directive is to ensure the confidentiality of communications and related traffic data by regulating the processing of personal information relating to these data by providers of publicly available electronic communications services or publicly available electronic communications networks, irrespective of whether they monitor such communications.
The main provisions include of the ePrivacy Directive:
- Consent must be obtained from users before companies collect their information
- Explicit consent must be given for use of cookies
- Users must be able to withdraw consent at any time
- Use of cookies can only be carried out for specific purposes (e.g. fraud prevention
- It’s illegal for websites to block users from accessing content if they do not accept cookies
- Websites cannot use tracking pixels (pixels are small pieces of code that track user activity on web pages)
- Cookies cannot store sensitive information about users