Following the introduction of the General Data Protection Regulation, the European Commission has been working on reforming the E-Privacy Directive. The draft law was leaked on the 13th of December 2016. Although this is not the final version, we now have a clearer idea of what to expect in the coming months. The Privacy and Electronic Communications Regulation is expected to be finalized by January 2017. Since this is no longer a directive but is now a regulation, there is no need for it to be transposed. It will become effective within 6 months as opposed to the normal 2 year period, which means that companies will have a much shorter time period within which to bring themselves in line with the Regulation.

The most important changes found within the draft Regulation are the following:

Although a revamped privacy regulation is welcome, it is certainly lacking in two important areas: it makes no mention of data retention or encryption. Local Data Protection Authorities will be responsible for the implementation of this Regulation. “OTT” (over the top) services such as Skype, Whatsapp, Facebook and Messenger will be expected to comply, together with traditional telecommunication services providers. The Regulation will have extra territorial effects as even third country websites will be required to conform in order to ensure that website visitors hailing from the European Union will have their rights protected.