GDPR and ePrivacy Regulation explainers, official docs, and status

In May 2018 two sets of new European rules on the use of personal information will disrupt advertising and media across the globe. The General Data Protection Regulation concerns the protection of personal data. The ePrivacy Regulation concerns the confidentiality of communications.

This is a repository of documents and analyses about these two new sets of rules.

Note: Elsewhere you can find details about PageFair’s Data Protection Platform.

Explainers

Big picture explainers (in order of publication)

Secondary explainers

Sign up for updates


Size of your organisation
Combined monthly page views from website(s)
Monthly active users of mobile app(s)

Ticking the box below allows us to use a company called Mailchimp to send you research notes.

  • Every note we send includes links at the bottom with which you can change your details or withdraw your consent.
  • Should you believe your data are being misused, you can complain to a data protection authority. MailChimp transfers personal data between the EU and the U.S. under the Privacy Shield agreement, which provides you a range of rights and safeguards intended to be equivalent to those provided in the EU.
  • The personal data you submit on this form are stored only so long as you wish to receive research notes from PageFair.

Our position


Unusually for an ad-tech company, PageFair supports the proposed ePrivacy Regulation’s broad approach to online behavioural advertising (OBA), and was also supportive of the GDPR.

 

Process tracker


ePrivacy Regulation

Current status:

  • The European Commission proposes that the ePrivacy Regulation will apply on the same day (25 May 2018) as the GDPR.
  • The draft ePrivacy Regulation is currently being agreed through the co-decision process between the European Commission, Parliament, and Council of Ministers of Member States.
  • On 12 October the European Parliament LIBE committee will vote on the rapporteur’s report, at which time the Council of Member State Ministers for Transport, Telecommunications and Energy will consider the draft.

Intended date of application: 

  • The Commission proposes that negotiations will be rapid, and that the ePD will apply on the same date as the GDPR on 25 May 2018.

Notes: 

  • Browsers installed prior to 25 May 2018 will have to require users to choose a privacy setting by 25 August 2018.
  • By 1 January 2018 the Commission will establish a monitoring programme to review the effectiveness of the ePD. Three years after the application of the Regulation the Commission will evaluate its effectiveness.

General Data Protection Regulation (GDPR)

Current status:
Finalised in April 2016 and entered into force in May 2016.

Date of application: 

  • The Regulation will be transposed into national laws in every European Member State to have direct applicability on 25 May 2018.

Notes: 

  • Data processing already underway at that point will have to be brought into conformity with the new Regulation within two years (Recital 171).
  • Consent given under the e-Privacy Directive will be acceptable under the GDPR provided that that consent was given in line with the conditions of the new Regulation (Recital 171).

Key people


ePrivacy Regulation

EUROPEAN PARLIAMENT

Rapporteur:
Marju Lauristin (Civil Liberties, Justice and Home Affairs committee (LIBE))

Shadow Rapporteurs:
Michał Boni
Daniel Dalton
Sophia in ‘t Veld
Cornelia Ernst
Jan Philipp Albrecht
Lorenzo Fontana

Committees: 
ITRE Committee rapporteur: Kaja Kallas
IMCO Committee rapporteur: Eva Maydell
JURI Committee rapporteur: Axel Voss


General Data Protection Regulation (GDPR)

Member State governments

National data protection authorities

Article 29 Working Party