ePrivacy Directive – Privacy in Electronic Communications

Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (ePrivacy Directive)

In Force Effective: 31/07/2002 EU-wide EU Directive

Overview

The ePrivacy Directive (also known as the Cookie Directive) governs data protection in electronic communications. It is the sectoral complement to the GDPR and contains specific rules on cookies, tracking technologies, confidentiality of communications, and electronic direct marketing.

Who Is Affected?

The ePrivacy Directive covers a broad range of organisations:

Providers of electronic communications services (telecommunications, email, messaging)
Website operators and app developers (cookie consent)
Online marketers and advertisers
Companies conducting direct marketing by email, SMS, or telephone
All organisations using tracking technologies

Core Obligations

Cookie consent: Informed consent for non-essential cookies and tracking (Article 5(3))
Confidentiality of communications: Protection of the confidentiality of electronic communications
Direct marketing: Opt-in requirement for electronic direct marketing (email, SMS)
Traffic and location data: Special protection of communications metadata
Caller identification: User rights regarding caller ID
Subscriber directories: Consent for inclusion in public directories

National Transposition

As an EU directive, the ePrivacy Directive has been transposed into national law:

Germany: TTDSG (Telecommunications Telemedia Data Protection Act) and TKG
Austria: TKG 2021 (Telecommunications Act)
Switzerland: DPA and TCA contain comparable provisions

Legal Sources

Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (ePrivacy Directive) EUR-Lex
TTDSG – Telecommunications Telemedia Data Protection Act DE In force since 01.12.2021
TKG 2021 – Telecommunications Act 2021 AT In force
TCA – Telecommunications Act CH

Frequently Asked Questions

How does the ePrivacy Directive relate to the GDPR?

The ePrivacy Directive is lex specialis to the GDPR for electronic communications. It specifically regulates cookies, tracking, confidentiality of communications, and direct marketing.

What does the ePrivacy Directive require for cookies?

Article 5(3) requires informed consent for setting cookies and similar tracking technologies, unless they are strictly necessary for the service.

Will the ePrivacy Directive be replaced by a regulation?

A proposal for an ePrivacy Regulation has been on the table since 2017 but remains in the EU legislative process. The existing directive continues to apply until the regulation is adopted.