GDPR and ePrivacy Regulation explainers, official docs, and status

In May 2018 two sets of new European rules on the use of personal information will disrupt advertising and media across the globe. The General Data Protection Regulation concerns the protection of personal data. The ePrivacy Regulation concerns the confidentiality of communications.

This is a repository of documents and analyses about these two new sets of rules.

Note: Elsewhere you can find details about PageFair Perimeter, which enables adtech for publishers’ websites and mobile apps under the GDPR.


Big picture explainers (in order of publication)

Secondary explainers

Sign up for updates

Subscribe to PageFair Insider to receive industry reports, updates, and news

Our position

Unusually for an ad-tech company, PageFair supports the proposed ePrivacy Regulation’s broad approach to online behavioural advertising (OBA), and was also supportive of the GDPR.


Official documents

Previously released guidance

Process tracker

ePrivacy Regulation

Current status:

  • The European Commission proposes that the ePrivacy Regulation will apply on the same day (25 May 2018) as the GDPR.
  • The draft ePrivacy Regulation is currently being agreed through the co-decision process between the European Commission, Parliament, and Council of Ministers of Member States.
  • On 12 October the European Parliament LIBE committee will vote on the rapporteur’s report, at which time the Council of Member State Ministers for Transport, Telecommunications and Energy will consider the draft.

Intended date of application: 

  • The Commission proposes that negotiations will be rapid, and that the ePD will apply on the same date as the GDPR on 25 May 2018.


  • Browsers installed prior to 25 May 2018 will have to require users to choose a privacy setting by 25 August 2018.
  • By 1 January 2018 the Commission will establish a monitoring programme to review the effectiveness of the ePD. Three years after the application of the Regulation the Commission will evaluate its effectiveness.

General Data Protection Regulation (GDPR)

Current status:
Finalised in April 2016 and entered into force in May 2016.

Date of application: 

  • The Regulation will be transposed into national laws in every European Member State to have direct applicability on 25 May 2018.


  • Data processing already underway at that point will have to be brought into conformity with the new Regulation within two years (Recital 171).
  • Consent given under the e-Privacy Directive will be acceptable under the GDPR provided that that consent was given in line with the conditions of the new Regulation (Recital 171).

Key people

ePrivacy Regulation


Marju Lauristin (Civil Liberties, Justice and Home Affairs committee (LIBE))

Shadow Rapporteurs:
Michał Boni
Daniel Dalton
Sophia in ‘t Veld
Cornelia Ernst
Jan Philipp Albrecht
Lorenzo Fontana

ITRE Committee rapporteur: Kaja Kallas
IMCO Committee rapporteur: Eva Maydell
JURI Committee rapporteur: Axel Voss

General Data Protection Regulation (GDPR)

Member State governments

National data protection authorities

Article 29 Working Party