ePrivacy Directive (ePD) [2009]

• 12/07/2002 – Directive 2002/58/EC – https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32002L0058&from=EN(Note Article 5.3)
• November 2009 List of Amendments to the 2002 ePD – https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:337:0011:0036:en:PDF (PDF) Web: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32009L0136&from=EN
• November 2009 – Directive 2009/136/EC – Consolidated Amendments – https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:02002L0058-20091219
• (The big change in 2009 was the shift from opt-out to an opt-in consent requirement for cookies)

Member States shall ensure that the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, and is offered the right to refuse such processing by the data controller. This shall not prevent any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user.

Article 5.3 of ePD

Member State Implementations of the ePD

• UK – The Privacy and Electronic Communications (EC Directive) Regulations 2003 – http://www.legislation.gov.uk/uksi/2003/2426/pdfs/uksi_20032426_en.pdf(Note section 6)

ePrivacy Regulation (ePR) [Currently in Draft]

Cookies: Article 8, Recitals 20, 21, 24 (varies due to draft changes)

• 13/03/2019 – https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CONSIL:ST_7099_2019_REV_1&from=EN
• 26/02/2019 – http://data.consilium.europa.eu/doc/document/ST-6771-2019-INIT/EN/pdf
• 15/02/2019 – https://www.parlament.gv.at/PAKT/EU/XXVI/EU/05/43/EU_54357/imfname_10879938.pdf
• 04/02/2019 – https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CONSIL:ST_5934_2019_INIT&from=EN
• 23/11/2018 – http://data.consilium.europa.eu/doc/document/ST-14491-2018-INIT/en/pdf
• 19/10/18 – https://iapp.org/media/pdf/resource_center/ePR_10-19-18_draft.pdf (Note 8.1.da – exclusion for technical faults or fraud prevention)
• 20/09/18 – https://iapp.org/media/pdf/resource_center/ePrivacyReg-2018-09-20-draft.pdf
• 10/07/2018 – https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CONSIL:ST_10975_2018_INIT&from=EN (when cookie-or-pay walls are added in recital 20)
• 04/05/2018 – http://data.consilium.europa.eu/doc/document/ST-8537-2018-INIT/en/pdf
• 13/04/2018 – https://iapp.org/media/pdf/resource_center/ePR_2018-04-13.pdf
• 08/09/2017 – https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CONSIL:ST_11995_2017_INIT&from=EN
• ePR document timeline – https://eur-lex.europa.eu/procedure/EN/2017_3

WP29 / EDPB Texts

• 12/04/2019 – Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks and powers of data protection authorities https://edpb.europa.eu/sites/edpb/files/files/file1/201905_edpb_opinion_eprivacydir_gdpr_interplay_en_0.pdf
• 10/04/2018 – Guidelines on consent under Regulation 2016/679 – https://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=51030
• 07/06/2012 – Opinion 04/2012 on Cookie Consent Exemption (only an opinion) – https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf
• 08/12/2011 – Opinion 16/2011 on EASA/IAB Best Practice Recommendation on Online Behavioural Advertising (only an opinion) – https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2011/wp188_en.pdf

Annie Spratt