The General Data Protection Regulation (GDPR) and e-Privacy regulation are the most critical EU regulations in the field of personal data privacy and protection. And, even though these are EU regulations, they impact companies across the globe. While the e-Privacy regulation has not yet been published, there is a lot of buzz and interest surrounding it. So, let us understand:
- What is the e-Privacy regulation?
- What similarities does the e-Privacy regulation have with EU GDPR?
- What are the key differences between the e-Privacy regulation and EU GDPR?
What is the e-Privacy regulation?
The e-Privacy regulation is set to become the replacement for the current e-Privacy directive, and its purpose is to align online privacy rules across all EU member states. Online privacy rules cover topics such as online communications, unsolicited marketing, and cookies.
It is important to note that this regulation is still in draft form, but it has been vetted extensively by member states and now awaits the approval of the EU parliament. So, for now, the old e-Privacy directive and local privacy laws remain in force, but the e-Privacy regulation is expected to go into effect sometime during 2018.
What similarities does the e-Privacy regulation have with EU GDPR?
Though they are two different regulations, there are some similarities between the e-Privacy regulation and EU GDPR:
- Both are regulations. This means that both shall become de-facto law in all EU member states. Therefore, member states do not need to create local laws.
- Both will impose high fines for non-compliance. If the EU parliament approves the current draft, the maximum fine would be similar to that imposed by EU GDPR, i.e., 4% of total annual turnover or €20 million, whichever is higher.
- Both regulations relate to protection of personal data of data subjects who are in the EU.
What are the key differences between the e-Privacy regulation and EU GDPR?
- EU GDPR was created to provide protection over the personal data of individuals; i.e., a data subject has rights and is informed about what processing is being carried out on his or her personal data. The e-Privacy regulation was created to provide privacy in private and family life; i.e., the data subject is aware of and can make choices in the context of communications that impact him or her. And, in the case of e-Privacy, the user may be either an individual or legal entity.
- EU GDPR defines requirements for the handling of personal data, while the e-Privacy regulation shall define requirements for online communications.
- EU GDPR comes into effect on 25 May 2018, while the e-Privacy regulation is still in the approval stage with the EU parliament.
With EU GDPR already in place, the e-Privacy regulation is aimed at enabling the Digital Single Market Strategy of the EU, as the focus of the Strategy is to create trust and security in digital services. EU GDPR and the e-Privacy regulation are complementary, and they both strengthen the privacy and protection requirements to ensure that personal data is protected at all times.
When the e-Privacy regulation goes into effect, the rules around content and metadata of electronic communications may be further specified. This shall most likely include:
- electronic communications like text or voice messages, audio, video, or images
- interpersonal communications like WhatsApp, Skype, e-mail, etc.
- sending direct marketing communications, etc.
As handling the content and metadata of communications involves processing personal data, which is governed by GDPR, these regulations will have some overlap. The full extent and impact of this overlap will be determined once the final text of the e-Privacy regulation is approved.
For now, until the e-Privacy regulation is published, it is important that you do your utmost to comply with EU GDPR.