EPrivacy Directive

Directive 2002/58/processing of personal data and the protection of privacy in the electronic communications sector

European Union directive
Made by	European Parliament & Council
Made under	Art. 95
Journal reference	L201, 2002-07-31, pp. 37 – 47
History
Date made	2002-07-12
Entry into force	2002-07-31
Implementation date	2003-10-31
Preparative texts
EESC opinion	C123, 2001-01-24, p.  53
EP opinion	C187, 2002-05-30, p.  103
Reports
Other legislation
Replaces	—
Amends	—
Amended by	Directive 2006/24/EC, Directive 2009/136/EC
Replaced by	—
Current legislation

Privacy and Electronic Communications Directive 2002/58/EC on Privacy and Electronic Communications, otherwise known as ePrivacy Directive (ePD), is an EU directive on data protection and privacy in the digital age.^[1] It presents a continuation of earlier efforts, most directly the Data Protection Directive. It deals with the regulation of a number of important issues such as confidentiality of information, treatment of traffic data, spam and cookies. This Directive has been amended by Directive 2009/136, which introduces several changes, especially in what concerns cookies, that are now subject to prior consent.

There are some interplays between the ePrivacy Regulation (ePR) and the General Data Protection Regulation (GDPR).^[2] Some EU lawmakers had hoped the ePrivacy Regulation (ePR) could come into force at the same time as the General Data Protection Regulation (GDPR) in May 2018.^[3] In this way, it would repeal the ePrivacy Directive 2002/58/EC and accompany the GDPR in regulating the requirements for consent to the use of cookies and opt-out options.^[1][4][5]