Get in Touch Menu

What businesses need to know about the proposed E-Privacy Regulation

04 August 2017

There has been a lot of talk recently about the General Data Protection Regulation (GDPR), but not so much about the new proposed E-Privacy Regulation (EPR), the breach of which will carry the same significant fines as that of the GDPR.

The EPR is intended to replace the existing E-Privacy Directive, which deals with the protection of personal data in electronic communications, for example when using cookies, sending unsolicited marketing emails, and online monitoring. It is intended to bring this area of law up-to-date with the e-privacy laws contained in the GDPR.

The European Commission is planning for the EPR to be implemented on 25 May 2018 (alongside the GDPR). As we will still be a part of Europe then, it will apply directly to the UK. The regulation is in draft form, so it may change before being implemented. It may also be delayed, however if the implementation date is after Brexit, the UK will no doubt adopt very similar laws.

The new EPR will carry the same maximum fines as under the GDPR, which can be up to 4% of annual worldwide turnover of the preceding financial year or 20 million euros (whichever is greater). Businesses that use such electronic communications should therefore be aware of the new proposed regulations and start preparing for them now.

So what are the key changes in the draft E-Privacy Regulation?

  • The regulation will have a wider scope than the existing directive and includes all types of electronic communications service providers such as Skype and WhatsApp.
  • All electronic communications must be confidential, and user consent is required for the listening, intercepting, scanning and storing of electronic communications.
  • Content and metadata will need to be anonymised or deleted if users have not given consent, unless they are required for certain purposes such as billing.
  • Users must give their consent before any unsolicited commercial communications can be sent to them. However, the current ‘soft opt-in’ rule for electronic mail is maintained.
  • The regulation requires providers of browsers and similar software to offer built-in settings which mean that the use of cookie banners may no longer be needed. Cookies that enhance the website user’s experience and ensure that it functions properly will not require consent.

Our corporate & commercial department has wide experience of mergers & acquisitions, business start-ups, reconstructions, joint ventures, corporate finance and corporate governance. They are praised for reacting “admirably quickly” and “give very relevant advice” by leading national legal guides. To speak to any of them please contact anyone in the team.

We're here to help
Disclaimer: All legal information is correct at the time of publication but please be aware that laws may change over time. This article contains general legal information but should not be relied upon as legal advice. Please seek professional legal advice about your specific situation - contact us; we’d be delighted to help.
Related services
Share this article
Resources to help

Related articles

Changes to company law – what businesses need to know


This week, initial changes to company law – including the biggest changes to Companies House since it began – will start to take effect. Here, our corporate and commercial team…

Chris Wills LLB (Hons)

Unearthing the implicit duty of cooperation in commercial contracts


In the world of business, contracts are the bedrock upon which deals are built. These carefully crafted documents are a testament to the mutual understanding between parties, outlining their respective…

Richard Holland BA (Hons)
Senior associate, solicitor

Why sole director companies should check articles of association


A recent case has highlighted the importance of ensuring a company is incorporated with carefully drafted articles of association, if there is only one director. All limited companies must have…

Helen Howes LLM
Associate, solicitor
Contact us