370:, effectively meaning that the consumer must give their consent before cookies or any other form of data is stored in their browser. The UK Regulations allow for consent to be signified by future browser settings, which have yet to be introduced but which must be capable of presenting enough information so that a user can give their informed consent and indicating to a target website that consent has been obtained. Initial consent can be carried over into repeated content requests to a website. The Directive does not give any guidelines as to what may constitute an opt-out, but requires that cookies, other than those "strictly necessary for the delivery of a service requested by the user" are not to be placed without user consent.
46:
346:
is
Article 5(3). Recital 25 of the Preamble recognises the importance and usefulness of cookies for the functioning of modern Internet and directly relates Article 5(3) to them but Recital 24 also warns of the danger that such instruments may present to privacy. The change in the law does not affect
333:
Two categories of emails (or communication in general) will also be excluded from the scope of the prohibition. The first is the exception for existing customer relationships and the second for marketing of similar products and services. The sending of unsolicited text messages, either in the form
329:
regime, according to which unsolicited emails may be sent only with prior agreement of the recipient. A natural or legal person who initially collects address data in the context of the sale of a product or service, has the right to use it for commercial purposes provided the customers have a prior
316:
Where data relating to location of users or other traffic can be processed, Article 9 provides that this will only be permitted if such data is anonymised, where users have given consent, or for provision of value-added services. Like in the previous case, users must be informed beforehand of the
288:
The first general obligation in the
Directive is to provide security of services. The addressees are providers of electronic communications services. This obligation also includes the duty to inform the subscribers whenever there is a particular risk, such as a virus or other malware attack.
354:
The article is technology neutral, not naming any specific technological means which may be used to store data, but applies to any information that a website causes to be stored in a user's browser. This reflects the EU legislator's desire to leave the regime of the directive open to future
358:
The addressees of the obligation are Member States, who must ensure that the use of electronic communications networks to store information in a visitor's browser is only allowed if the user is provided with "clear and comprehensive information", in accordance with the
254:
and applies to all matters which are not specifically covered by that
Directive. In particular, the subject of the Directive is the "right to privacy in the electronic communication sector" and free movement of data, communication equipment and services.
304:
The directive obliges the providers of services to erase or anonymise the traffic data processed when no longer needed, unless the conditions from
Article 15 have been fulfilled. Retention is allowed for billing purposes but only as long as the
309:
allows the payment to be lawfully pursued. Data may be retained upon a user's consent for marketing and value-added services. For both previous uses, the data subject must be informed why and for how long the data is being processed.
330:
opportunity to reject such communication where it was initially collected and subsequently. Member States have the obligation to ensure that unsolicited communication will be prohibited, except in circumstances given in
Article 13.
296:, who should prohibit listening, tapping, storage or other kinds of interception or surveillance of communication and "related traffic", unless the users have given their consent or conditions of Article 15(1) have been fulfilled.
347:
all types of cookies; those that are deemed to be "strictly necessary for the delivery of a service requested by the user", such as for example, cookies that track the contents of a user's shopping cart on an
249:
The
Electronic Privacy Directive has been drafted specifically to address the requirements of new digital technologies and ease the advance of electronic communications services. The Directive complements the
450:
EDPB, Opinion 5/2019 on the interplay between the ePrivacy
Directive and the GDPR, in particular regarding the competence, tasks and powers of data protection authorities, Adopted on 12 March 2019.
241:(GDPR) in May 2018. In this way, it would repeal the ePrivacy Directive 2002/58/EC and accompany the GDPR in regulating the requirements for consent to the use of cookies and opt-out options.
17:
280:
Contrary to the Data
Protection Directive, which specifically addresses only individuals, Article 1(2) makes it clear that ePrivacy Directive also applies to legal persons.
334:
of SMS messages, push mail messages or any similar format designed for consumer portable devices (mobile phones, PDAs) also falls under the prohibition of
Article 13.
222:. This Directive has been amended by Directive 2009/136, which introduces several changes, especially in what concerns cookies, that are now subject to prior consent.
269:). Likewise, it does not apply to issues concerning public security and defence, state security and criminal law. The interception of data was however covered by the
360:
251:
211:
263:
397:
449:
659:
461:
214:. It deals with the regulation of a number of important issues such as confidentiality of information, treatment of traffic data,
497:
313:
Subscribers have the right to non-itemised billing. Likewise, the users must be able to opt out of calling-line identification.
274:
120:
75:
234:
226:
684:
266:
664:
259:
238:
230:
210:
on data protection and privacy in the digital age. It presents a continuation of earlier efforts, most directly the
32:
Directive 2002/58/processing of personal data and the protection of privacy in the electronic communications sector
199:
384:
379:
414:
Edwards, L, "Articles 6 – 7, ECD; Privacy and
Electronics Communications Directive 2002" in Edwards, L. (ed.)
438:
392:
292:
The second general obligation is for the confidentiality of information to be maintained. The addressees are
486:
402:
654:
649:
325:
Article 13 prohibits the use of email addresses for marketing purposes. The Directive establishes the
207:
37:
363:, about the purposes of the storage of, or access to, that information; and has given their consent.
599:
270:
306:
679:
174:
8:
131:
56:
669:
215:
409:
Regulating Spam: A European Perspective after the Adoption of the ePrivacy Directive
60:
348:
674:
643:
367:
326:
293:
343:
219:
317:
character of information collected and have the option to opt out.
462:"ePrivacy: An overview of Europe's other big privacy rule change"
202:
on Privacy and Electronic Communications, otherwise known as
389:
Guidance from the French DPA CNIL (Translated into English)
398:
Article 29 Data Protection Working Party Opinion 16/2011
320:
393:
Article 29 Data Protection Working Party Opinion 2/2010
237:(ePR) could come into force at the same time as the
299:
18:Directive on Privacy and Electronic Communications
498:Highlights ePrivacy Regulation on fieldfisher.com
258:The Directive does not apply to Titles V and VI (
641:
416:The New Legal Framework for E-Commerce in Europe
487:ePrivacy Regulation and the GDPR on eprivacy.eu
197:Privacy and Electronic Communications Directive
244:
366:The regime so set-up can be described as
233:(GDPR). Some EU lawmakers had hoped the
81:L201, 2002-07-31, pp. 37 – 47
407:On spam: Asscher, L, Hoogcarspel, S.A,
267:Pillars constituting the European Union
14:
642:
342:The Directive provision applicable to
275:Court of Justice of the European Union
225:There are some interplays between the
321:Unsolicited e-mail and other messages
434:
432:
24:
660:European Union data protection law
283:
239:General Data Protection Regulation
231:General Data Protection Regulation
25:
696:
429:
439:ePrivacy Regulation on Europa.eu
273:, prior to its annulment by the
44:
627:
618:
592:
583:
574:
565:
556:
547:
538:
300:Data retention and other issues
529:
520:
511:
502:
491:
480:
454:
443:
403:History of the decision making
137:C187, 2002-05-30, p. 103
13:
1:
508:See Preamble of the Directive
422:
373:
126:C123, 2001-01-24, p. 53
355:technological developments.
7:
271:EU Data Retention Directive
10:
701:
685:2002 in the European Union
385:Guidance from the UK's ICO
337:
665:European Union directives
411:(T.M.C. Asser Press 2006)
361:Data Protection Directive
252:Data Protection Directive
212:Data Protection Directive
189:
181:
170:
162:
154:
149:
141:
130:
119:
114:
106:
98:
90:
85:
74:
66:
52:
43:
36:
245:Subject-matter and Scope
38:European Union directive
351:service, are exempted.
177:, Directive 2009/136/EC
380:Full text of Directive
307:statute of limitations
633:Recital 40, Preamble
175:Directive 2006/24/EC
655:Privacy legislation
650:Information privacy
235:ePrivacy Regulation
227:ePrivacy Regulation
190:Current legislation
107:Implementation date
57:European Parliament
33:
204:ePrivacy Directive
31:
194:
193:
150:Other legislation
115:Preparative texts
16:(Redirected from
692:
634:
631:
625:
622:
616:
615:
613:
611:
606:. 20 August 2021
600:"What are PECR?"
596:
590:
587:
581:
578:
572:
569:
563:
560:
554:
551:
545:
542:
536:
533:
527:
524:
518:
515:
509:
506:
500:
495:
489:
484:
478:
477:
475:
473:
468:. 7 October 2018
458:
452:
447:
441:
436:
99:Entry into force
48:
47:
34:
30:
21:
700:
699:
695:
694:
693:
691:
690:
689:
640:
639:
638:
637:
632:
628:
623:
619:
609:
607:
598:
597:
593:
588:
584:
579:
575:
570:
566:
561:
557:
552:
548:
543:
539:
534:
530:
525:
521:
516:
512:
507:
503:
496:
492:
485:
481:
471:
469:
460:
459:
455:
448:
444:
437:
430:
425:
376:
349:online shopping
340:
323:
302:
286:
284:Main provisions
247:
45:
23:
22:
15:
12:
11:
5:
698:
688:
687:
682:
677:
672:
667:
662:
657:
652:
636:
635:
626:
617:
591:
582:
573:
564:
555:
546:
537:
528:
519:
510:
501:
490:
479:
453:
442:
427:
426:
424:
421:
420:
419:
412:
405:
400:
395:
390:
387:
382:
375:
372:
339:
336:
322:
319:
301:
298:
285:
282:
246:
243:
229:(ePR) and the
192:
191:
187:
186:
183:
179:
178:
172:
168:
167:
164:
160:
159:
156:
152:
151:
147:
146:
143:
139:
138:
135:
128:
127:
124:
117:
116:
112:
111:
108:
104:
103:
100:
96:
95:
92:
88:
87:
83:
82:
79:
72:
71:
68:
64:
63:
54:
50:
49:
41:
40:
9:
6:
4:
3:
2:
697:
686:
683:
681:
678:
676:
673:
671:
668:
666:
663:
661:
658:
656:
653:
651:
648:
647:
645:
630:
624:Article 13(2)
621:
605:
601:
595:
586:
577:
568:
559:
550:
541:
532:
523:
517:see Article 1
514:
505:
499:
494:
488:
483:
467:
463:
457:
451:
446:
440:
435:
433:
428:
417:
413:
410:
406:
404:
401:
399:
396:
394:
391:
388:
386:
383:
381:
378:
377:
371:
369:
364:
362:
356:
352:
350:
345:
335:
331:
328:
318:
314:
311:
308:
297:
295:
294:Member States
290:
281:
278:
276:
272:
268:
265:
261:
256:
253:
242:
240:
236:
232:
228:
223:
221:
217:
213:
209:
206:(ePD), is an
205:
201:
198:
188:
184:
180:
176:
173:
169:
165:
161:
157:
153:
148:
144:
140:
136:
133:
129:
125:
122:
118:
113:
109:
105:
101:
97:
93:
89:
84:
80:
77:
73:
69:
65:
62:
58:
55:
51:
42:
39:
35:
29:
27:
19:
629:
620:
608:. Retrieved
603:
594:
589:Article 9(2)
585:
576:
567:
558:
549:
544:Article 4(2)
540:
531:
526:Article 1(3)
522:
513:
504:
493:
482:
470:. Retrieved
465:
456:
445:
415:
408:
365:
357:
353:
341:
332:
324:
315:
312:
303:
291:
287:
279:
257:
248:
224:
208:EU directive
203:
196:
195:
28:
26:
680:2002 in law
610:21 November
418:(Hart 2005)
182:Replaced by
644:Categories
604:ico.org.uk
466:TechCrunch
423:References
374:Literature
200:2002/58/EC
171:Amended by
110:2003-10-31
102:2002-07-31
94:2002-07-12
67:Made under
580:Article 8
571:Article 7
562:Article 6
553:Article 5
535:Article 4
91:Date made
78:reference
670:Spamming
155:Replaces
472:14 July
344:cookies
338:Cookies
220:cookies
142:Reports
134:opinion
123:opinion
86:History
76:Journal
70:Art. 95
61:Council
53:Made by
368:opt-in
327:opt-in
260:Second
163:Amends
145:
59:&
675:Email
264:Third
612:2021
474:2020
262:and
218:and
216:spam
121:EESC
646::
602:.
464:.
431:^
277:.
132:EP
614:.
476:.
185:—
166:—
158:—
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.