Legal

ePrivacy Directive

The EU directive that regulates cookies, electronic communications, and online tracking — complements the GDPR.

The ePrivacy Directive (Directive 2002/58/EC, as amended by 2009/136/EC) is an EU directive that specifically addresses privacy in the electronic communications sector. It is commonly known as the "Cookie Law."

Key Provisions

  • Article 5(3) — requires consent before storing or accessing information on a user's device (cookies, local storage, etc.), unless the storage is strictly necessary to provide a service explicitly requested by the user
  • Rules on confidentiality of electronic communications
  • Rules on traffic data and location data
  • Regulation of unsolicited marketing communications (spam)

Relationship to GDPR

The ePrivacy Directive is lex specialis to the GDPR — it provides specific rules that take precedence in its area of application (electronic communications), while the GDPR provides the general framework.

ePrivacy Regulation (Upcoming)

The European Commission has proposed an ePrivacy Regulation to replace the Directive, but as of 2026 it has not yet been adopted.

Related Terms

ConsentPrivacy

A freely given, specific, informed, and unambiguous indication of agreement to data processing.

GDPRLegal

The General Data Protection Regulation — the EU's comprehensive data protection law, effective since May 2018.

CookieTechnical

A small text file stored by your browser that lets websites remember information between page visits.

Tracking PixelTechnical

A tiny, invisible image embedded in a web page or email to track user behaviour such as page views and email opens.

Encryption