GDPR Day (i.e., May 25, 2018) has passed, bringing with it higher standards for data privacy, but there is more to be done: the European Union (“EU”) is working hard to finalize its reform of the ePrivacy Directive, an effort initiated in January 2017 when the EU Commission adopted a proposal for a Regulation on Privacy and Electronic Communication (the “ePrivacy Regulation” or the “Regulation”).
In a nutshell, the ePrivacy Regulation is lex specialis to the General Data Protection Regulation (“GDPR”). While the GDPR applies to all categories of personal data—hard copy and electronic—the ePrivacy Regulation would typically only apply to electronic communications data, a subset. The Regulation, if adopted, would cover not only traditional telecommunications operators and providers of electronic communication services but also “over-the-top” communications services.