The General Data Protection Regulation (GDPR) is not the only new rule book that will soon govern the digital economy in Europe.

Preparations for the GDPR have overshadowed another piece of EU draft legislation, the ePrivacy Regulation (ePR) which would tighten rules on marketing by phone, text and email.

The ePrivacy Regulation (ePR) would overhaul the Privacy and Electronic Communications Regulations (PECR), which currently sets out the rules on ‘nuisance’ calls/messages, and cookies.

According to the UK Information Commissioner’s Office, (ICO), this proposal is just the beginning of the process, and the details are likely to change. The ePR is due to come into effect in May 2018 alongside the GDPR, but the ICO says this will be tough deadline for lawmakers.

The current draft proposal includes some headline changes:

  • It removes separate security obligations, which will be covered under the GDPR, but introduces customer notification of specific security risks.
  • In terms of cookies and other online tracking devices, the focus shifts from website cookie banners to users’ browser settings, and seeks to address issues around ad-blocking and Wi-Fi location tracking.
  • It tightens the rules on marketing, with the default position being that all marketing to individuals by phone, text or email must be opt-in.
  • It incorporates the GDPR’s two-tier system of fines of up to €20 million, or 4% of worldwide turnover, for breaches of some parts of the Regulation.
  • It would apply to services providing so-called ‘over-the-top’ communication channels over the internet, such as Skype, Messenger or WhatsApp. It would also apply to businesses providing customer Wi-Fi access, as well as the traditional telecoms and internet providers.
  • It would apply to organisations based anywhere in the world if they provide services to people in the EU.


This week the ICO said it is working with its counterparts in the group of European data protection authorities “to influence a collective opinion on how (the current ePR draft) could be improved”.

An initial guidance document from the ICO, highlighting the likely key issues, is planned for later in the year.