Skip to main content
Shaping Europe’s digital future logo

Digital privacy

The ePrivacy Directive and the General Data Protection Regulation help ensure digital privacy for EU citizens.

When you access the web, you often entrust vital personal information, such as your name, address, and credit card number, to your Internet Service Provider and the website you are using. What happens to this data? Could it fall into the wrong hands? What rights do you have with regards to your personal information?

Common EU rules have been established to ensure that there is a high standard of protection for personal data everywhere in the EU. Currently, the two main strands of the data protection legal framework in the EU are the ePrivacy Directive (Directive on privacy and electronic communications), and the General Data Protection Regulation (GDPR).

The ePrivacy Directive builds on EU telecoms and data protection frameworks to ensure that all communications over public networks maintain respect for fundamental rights. There should be a high level of data protection and of privacy regardless of the technology used.

The European Commission adopted a proposal for a Regulation on Privacy and Electronic Communications to replace the Directive in 2017. 

The EU GDPR ensures that personal data can only be gathered under strict conditions and for legitimate purposes. Organisations that collect and manage your personal information must also protect it from misuse and respect certain rights.

Informed consent for 'cookies' and other devices

The ePrivacy Directive requires EU countries to ensure that users grant their consent before cookies (small text files stored in the user's web browser) are stored and accessed in computers, smartphones or other device connected to the Internet.

The draft Regulation introduces the concept of "privacy by design" whereby users can choose a higher or lower level of privacy.

Personal data breaches

Telecom operators and Internet Service Providers possess a huge amount of customers' data, which must be kept confidential and secure. However, sometimes sensitive information can be stolen, lost, or illegally accessed. The ePrivacy Directive ensures that the provider reports any personal data breaches to the national authority and informs the subscriber or individual directly of any risk related to personal data or privacy.

The draft Regulation does not include specific provisions on personal data breaches but relies on the relevant provisions of the GDPR.


Commission launches public consultation on Database Directive

The Database Directive, adopted in 1996, aims at encouraging the development of databases through appropriate legal protection and the use of data. The Commission launches today a consultation to understand better how the Database Directive is used, to evaluate its impact on users and to identify possible needs of adjustment. Since the entry into force of the Directive, the database market, and more generally the role of data in the economy, has evolved. The Commission has recently presented several initiatives to boost the European data economy. 

Commission proposes high level of privacy rules for all electronic communications and updates data protection rules for EU institutions

The Commission is proposing new legislation to ensure stronger privacy in electronic communications, while opening up new business opportunities. The measures presented today aim to update current rules, extending their scope to all electronic communication providers. They also aim to create new possibilities to process communication data and reinforce trust and security in the Digital Single Market – a key objective of the Digital Single Market strategy.

Related Content

Dig deeper