The GDPR and ePrivacy Directive (also known as Cookie Law) are the most critical EU laws in the field of personal data privacy and protection. And, even though these are EU laws, they could impact companies across the globe.
Effective since 2002, the ePrivacy Directive has put guidelines and expectations in place for electronic privacy, including email marketing and cookie usage. It complements the GDPR, and it still applies today.
On the other side, the GDPR (General Data Protection Regulation) came into force in 2018, and it specifies how personal data should be lawfully processed (including how it’s collected, used, protected or interacted with in general).
First, let’s see what’s the difference between directives and regulations:
The Regulation is expected to maintain values similar to the Directive with much of the same guidelines applying.
Both the ePrivacy and the GDPR apply to the protection of personal data of individuals within the EU: if you do business in the EU (regardless of whether or not you are based in the EU), then these laws affect you.
While GDPR only applies to the processing of personal data, ePrivacy regulates electronic communication even if it concerns non-personal data. Also, in the case of cookies, the ePrivacy generally takes precedence.
The ePrivacy Directive/Cookie Law requires users’ informed consent before storing cookies on a user’s device and/or tracking them.
Cookie consent management for the ePrivacy, GDPR and CCPA