Iubenda logo
Start generating


Table of Contents

ePrivacy vs GDPR

The GDPR and ePrivacy Directive (also known as Cookie Law) are the most critical EU laws in the field of personal data privacy and protection. And, even though these are EU laws, they could impact companies across the globe.

Europe - ePrivacy Directive vs GDPR

Effective since 2002, the ePrivacy Directive has put guidelines and expectations in place for electronic privacy, including email marketing and cookie usage. It complements the GDPR, and it still applies today.

On the other side, the GDPR (General Data Protection Regulation) came into force in 2018, and it specifies how personal data should be lawfully processed (including how it’s collected, used, protected or interacted with in general).

First, let’s see what’s the difference between directives and regulations:

  • Directives set certain agreed-upon goals and guidelines in place with member states being free to decide how to make these directives into national legislation.
  • Regulations, on the other hand, are legally binding across all Member States from the moment they are put into effect and they are enforced according to union-wide established rules.

With that said, the ePrivacy Directive is going to be repealed by the ePrivacy Regulation. The ePrivacy Regulation is expected to be finalized in the near future and will work alongside the GDPR to regulate the requirements for the use of cookies, electronic communications, and related data/privacy protection.

The Regulation is expected to maintain values similar to the Directive with much of the same guidelines applying.

What are the similarities between ePrivacy and GDPR?

Both the ePrivacy and the GDPR apply to the protection of personal data of individuals within the EU: if you do business in the EU (regardless of whether or not you are based in the EU), then these laws affect you.

What are the differences between ePrivacy and GDPR?

While GDPR only applies to the processing of personal data, ePrivacy regulates electronic communication even if it concerns non-personal data. Also, in the case of cookies, the ePrivacy generally takes precedence.

The ePrivacy Directive/Cookie Law requires users’ informed consent before storing cookies on a user’s device and/or tracking them.

This means that if your site/app (or any third-party service used by your site/app) uses cookies, you’ll need to show a cookie banner at the user’s first visit, implement a cookie policy and allow the user to provide consent. Prior to consent, no cookies — except for exempt cookies — can be installed.

About us


Cookie consent management for the ePrivacy, GDPR and CCPA


See also