Privacy and Electronic Communications Directive

for the 2017 update Regulation on Privacy and Electronic Communications

Privacy and Electronic Communications Directive (Directive 2002/58 on Privacy and Electronic Communications aka the e-Privacy Directive) / EC Directive 2009/136/EC[1] amended by Directive 2009/ 136/EC (“Cookie Directive”).


In 1997, the European Union adopted the Telecoms Directive which related to privacy in the telecommunications sector. At the time of adoption it became apparent that it was immediately out of date, due to it being unclear as to how it would apply to the internet and other developing technology. The Telecoms Directive did not specifically address the use of cookies or other software devices that could be utilised to monitor the browsing habits of internet users. On one hand it regulated direct marketing by fax and telephone, but on the other, it did not deal with more modern forms of direct marketing via emails and mobile phone text messages.

There was a widespread concern that the internet posed a multitude of threats relating to privacy (e.g. cookies and spyware), and these concerns resulted in the European Union adopting a replacement directive. On 31 July 2002 the EU adopted the Privacy and Electronic Communications Directive (Directive Concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector 2002/58/EC). While the directive reiterates provisions that are relevant to telecommunication companies (i.e. itemised billing; directories of subscribers), it also widens the previous directive to apply to new technologies. The Privacy and Electronic Communications Directive contains controversial provisions that affect cookies, spam (unsolicited e-mail) and data retention. The passing of this Directive completed the ‘telecoms package’, which is a set of EU Directives that established a regulatory framework for communication services.

UK Implementation

See also