ePrivacy Directive
Definition
The ePrivacy Directive (2002/58/EC, amended in 2009) is the European text that specifically regulates electronic communications and the use of cookies and trackers. Often called the “cookie directive”, it is the legal foundation for the consent requirement for cookie placement in Europe. It complements the GDPR by applying specifically to read and write operations on the user’s device.
Article 5.3: the consent rule
Article 5.3 of the directive provides that any storage of information on the user’s device, or access to information already stored there (cookie, localStorage, fingerprinting), requires prior consent, unless the operation is strictly necessary for the service requested by the user. This is the article that mandates consent before setting an analytics cookie.
Transposition in France
In France, the ePrivacy Directive is transposed into Article 82 of the Data Protection Act (Loi Informatique et Libertés). The CNIL is responsible for its enforcement and has published detailed guidelines on cookies and trackers. Penalties for non-compliance can reach 4% of global annual revenue.
Toward the ePrivacy Regulation
An ePrivacy Regulation has been under discussion at the European level since 2017 to replace the directive and align with the GDPR. Its adoption has been repeatedly postponed. In the meantime, the directive remains in force and consent management platforms (CMPs) must comply with it for consent management on websites.