What is ePrivacy?

... and how does that interact with GDPR!

Learn More

What is ePrivacy?

ePrivacy is a proposed EU Regulation concerning the respect for private life and the protection of personal data in electronic communication.

It will repeal the ePrivacy Directive (2002/58/EC).

It was originally intended to come into force with GDPR on 25th May 2018, but is now lilely to be delayed.

If you are involved in direct marketing using electronic communications, it will affect you!!

Download the DRAFT regulation free here!

Download Article 29 Woking Party 29's opinion on the DRAFT regulation free here!

Download the European Data Protection Supervisor's opinion on the DRAFT regulation free here!

What is the ePrivacy Regulation about?

GDPR is the GENERAL data protection law (lawyers call it 'lex generalis'), the ePrivacy Regulation is covers the protection of personal data in electronic communication SPECIFICALLY, (legal term 'lex specialis') and it looks likely to significantly affect B2B direct marketing.

You are still guilty!

Remember GDPR underpins the proposed regulation, so you are still guilty unless you can prove you are not!

Furthermore, you cannot 'pass the buck' any more. If you are a data controller, or a data processor, and that covers everyone, you are jointly liable unless you can prove you are 'in no way responsible'. Can your policies, practices and systems deliver that?

Massive fines!

The administrative fines are set out in GDPR too, which says fines should be 'dissuasive', and they are going to be! €20 Million or 4% of last year's global annual turnover, whichever is GREATER!

This means the scope for fines has been increased by 40 times! And it's intended to be simpler than ever to complain to the regulator. Does your cashflow have that much slack?


Once again, GDPR sets the law where damages are concerned, and data subjects are entitled to claim damages for infringements. They were before, but had to show they had suffered some material harm. Now non-material damages are provided for.

This means 'offending' a data subject, or 'upsetting'; them will be adequate for them to claim damages, and you are automatically guilty, unless you prove otherwise.

Class Actions

GDPR also provides for class actions, so the damages can now be treated as a class action, so all data subjects can benefit, meaning the costs are far more significant.

Legal teams are preparing to prosecute class actions, and who can blame them, the potential value is so magnified. The scope of a fine can be understood, but class actions are without limit.

Repeal of PECR

The existing law, PECR, will be repealed when ePrivacy takes effect.

The update to the law is required because PECR has not effectively empowered end-users, and implementations across Europe have been inconsistent, which has introduced uncertainlty and challenges to businesses operating across borders.

Direct Marketing Communications (Article 4.3(f))

The term has now been defined specifically as relates to electronic communication.

It means: 'any form of advertising, whether written or oral, sent to one or more identified or identifiable end-users of electronic communications services, including the use of automated calling and communication systems with or without human interaction, electronic mail, SMS, etc.'

Consent (Article 16)

The proposal is that consent will be required for all unsolicited marketing, and the requirements of consent will be the same us GDPR requires, so any freely given,specific,informed and unambiguous indication, often by a positive affermative action.

It must be as easy to withdraw consent as to give it, and under ePrivacy, you will need to remind the data subject of this every 6 months. Under GDPR you will need to be able to prove it!

Voice-to-voice calls

Direct marketing voice-to-voice calls have been defined as 'live calls, which do not entail the use of automated calling systems and communication systems'.

These will remain opt-out, but you will still be required to suppress calling against the TPS and CTPS lists.

B2B vs B2C

The existing PECR law has looked almost the same as ePrivacy is proposed to be for B2C, however, PECR provided a loophole for B2B direct marketing. This proposal will close the loophole.

The DMA and others are lobbying for more relaxed laws, but UK B2B marketers should prepare for consent being required for email marketing now, to avoid the risk of significant disruption.

ePrivacy is on it's way, but no-one knows when ...

Are you ready if you need consent for your B2B emails?

If not, you should probably be planning!

What have you done about personal data protection?

If you don't know, you probably need to think about it!

FREE initial consultation!

Call now on 0800 2800 679

eMail enquiries@dept679.com