Difference between GDPR and ePrivacy regulation

blog-image_1218

It feels like just yesterday that the EU implemented the General Data Protection Regulation (GDPR) to govern data privacy. Yet recently, another privacy act, the ePrivacy Regulation, is currently being proposed. Also from the EU, and in fact created by the same governing body, the ePrivacy Regulation’s aim is to align the online standard of privacy with what’s covered by the GDPR.

Needless to say, this impacts virtually every business everywhere, as GDPR and also the ePrivacy regulation apply to you if you do business with EU citizens, regardless of which country you operate in.

In a nutshell, the ePrivacy regulation will complement the GDPR and spells out the specifics for personal data safety and privacy. Here’s how.

What the GDPR does

The GDPR aligns data privacy laws across all EU countries. If you’re a retailer anywhere in the world doing business with EU citizens, both laws apply to you. Under the GDPR, any EU citizens’ information is protected, regardless of whether you process their information within the EU or not, and regardless of where your company is located.

This applies to all metadata that’s created as a result, too. The GDPR also strengthens the area of consent as to how you can use an EU customer’s personal information or whether you can share it. Further, if you take any information from EU customers, you must maintain it and make it available to the user, if requested.

There’s also a critical ‘right to be forgotten’ under the GDPR—an important development in the Internet age, where almost everything that’s ever been published about people remains accessible forever.

What ePrivacy regulations do

The European Union ePrivacy regulation specifically will cover electronic communications, aligning all the different online privacy rules that exist across EU member states. While the GDPR specifies protection of personal data, the ePrivacy regulation will cover the confidentiality of communications.

The regulation will take on all definitions of privacy and data that were introduced in the GDPR, and will clarify and enhance them, especially when it comes to unsolicited marketing (aka, no spam), use of cookies (you must obtain consent, use clear language in your description of what your cookies do, and other requirements yet to be detailed), and confidentiality.

Ultimately, both laws will work together to ensure that internet users have control over their data and that the onus is on all website creators and operators to maintain all user data in a way that guarantees that their information is safe.

Leave a Reply

Your email address will not be published. Required fields are marked *