In this short guide, we’ll explain what the ePrivacy Directive is, how it differs from the GDPR and how to comply in practice.
The ePrivacy Directive 2002/58/EC (or Cookie Law) is an EU based directive that was created to put rules and expectations in place for electronic privacy, including email marketing and the use of browser cookies. It still applies today and you can think of the ePrivacy Directive as currently “complementing” the GDPR in a sense.
The GDPR and ePrivacy differ in several ways. Currently, the ePrivacy is a directive while the GDPR is a regulation. Directives set certain agreed-upon goals and guidelines in place with EU member state countries being free to decide how to make these directives into national law. Regulations, on the other hand, are legally binding across all EU member states from the moment they are put into effect and they are enforced according to EU-wide established rules.
Another difference between the GDPR and the Cookie Law is that GDPR rules are more broadly applicable and apply to the privacy of personal data as a whole and not just electronic privacy. More on that here.
In general, the Cookie Law requires that you inform users of your intent to use cookies on your site and obtain their consent before doing so. In practice, you’ll need to show a cookie banner or notice at the user’s first visit, implement a cookie policy that provides further details about your use of cookies, block non-exempt cookie scripts from running prior to consent and indicate clearly to the site visitor which action signifies consent.
Our Privacy Controls and Cookie Solution allows you to manage all aspects of the Cookie Law, in particular: