Cookie law (ePrivacy Regulation)
In January 2017 the EC published a proposed refresh of the ePrivacy Directive, the 2009 regulation containing, among other things, what has come to be known as the “cookie law”.
The proposed refresh shifts the burden of cookie compliance from administrators, and the front ends of web sites, to the technical settings of browsers and applications.
These changes should spell an end for cookie consent popups, dropdowns, and modals, as well as unnecessary opt-in processes.
Why you need to know
As with GDPR, if you do business in or with Europe, the ePrivacy regulation applies to your work even if you are not located within Europe. It will also apply to UK businesses trading within Europe regardless of Brexit.
What will it mean for you
The refresh of course is about much more than cookies: it concerns the privacy of all online communications in Europe, including content, metadata, telemetry, and the means of communication.
The ePrivacy refresh is closely paired with GDPR, the refresh of data protection and privacy rules across Europe. You should prepare for both new sets of rules together as if they were the same regulation.
- Plain English summary of the changes (this blog)
- ePrivacy refresh announcement
- Full text of the proposed refresh (6 part PDF)
- Evaluation and review of the (first) ePrivacy Directive
- Afterbrexit.tech side blog where I monitor EU tech policy through the Brexit process