What is the ePrivacy Directive?

ePrivacy Directive approved by the Cookie Monster

What is the ePrivacy Directive?

What is the ePrivacy Directive? It’s one that we actually all know well, but is still one of the lesser-known data protection acts in place to protect user security.

It is a European Union Directive, also known as the EU Cookie Law. Adopted in May 2011, the directive covers and includes non-personal data and has a focus of keeping communications confidential. So in that respect, it’s not the same as the GDPR.

The Directive specifically covers electronic communications. In short, it requires organisations to gain consent from website visitors in order to store or retrieve any information from a digital device

The directive covers electronic communications and requires organisations to ask users for consent to store or retrieve information on their browsers from a digital device.

 

What is a cookie?

A cookie is a small data file stored on an individual’s internet browser. If you’ve been on the internet today, you’ve probably encountered a few cookie notices already:

FT Cookie Policy

Cookie policy for ITV website

BBC Cookie Policy

Cookies are a way for websites to remember information about your browsing activity. For example, eCommerce retail sites may use cookies to send users ‘abandoned basket’ emails when they have started shopping online but have not completed a purchase.

They make the web experience for an individual more personal by creating something like an individual behavioural profile, which is used by organisations and sites to decide what kind of content is shown to them.

 

What is the future of the ePrivacy Directive?

There has been a proposal put forward to update the directive in line with the GDPR, and it is anticipated this will happen in 2019.

This will be called the ePrivacy Regulation and takes into consideration the technology advances since 2002 such as the increased number of channels by which organisations can reach individuals.

When the ePrivacy Regulation comes into place, it will replace the PECR.

 

Who governs it?

Like the GDPR, the ePrivacy Directive is an EU directive but is governed in the UK by the ICO.

 

What does it mean for your business?

If you own or manage a website that uses cookies, you must ensure it complies with the directive. You should find out what, if any, cookies your website currently has, and identify what they are used for. After you have defined this, make sure you provide a notice on your site so that your visitors can clearly see and consent to the use of cookies.

 

The Hansel and Gretel Cookie Theory

Supposedly, website cookies got their name from the German fairy tale “Hansel and Gretel”, where two lost children marked their route through a forest by dropping cookie crumbs on the floor.

Whether or not this is true, it’s still an entertaining thought. Read here for more “cookie” hypotheses.

 

Further reading

http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm

https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/