EU General Data Protection Regulation (GDPR) - ePrivacy Directive

Data protection and privacy are two separate rights in the EU Charter of fundamental rights. 

The GDPR is a data protection law, while the ePrivacy Directive is focused on on-line privacy. Both legal frameworks play crucial roles in safeguarding data protection within the European Union.

The GDPR came into effect in 2018. It is a comprehensive data protection law applicable to EU residents' data. Its primary objective is to empower individuals by giving them control over their personal data. Key aspects of the GDPR include:

• Enhanced rights of data subjects
• Accountability of data controllers and data processors
• Data breach notification
• Cross-Border data transfers
• Appointement of data protection officers

The GDPR complements the ePrivacy Directive and extends some of its requirements. For instance, while the ePrivacy Directive focuses on electronic communications, the GDPR covers a broader spectrum of personal data processing.

The ePrivacy Directive (2002/58/EC), addresses privacy and data protection in the electronic communications sector. Key provisions include:

• Cookies and Consent: Websites must obtain user consent before placing certain types of cookies or similar tracking technologies.
• Confidentiality of Communications: It ensures the confidentiality of electronic communications, including email and messaging.
• Marketing Communications: The directive regulates unsolicited marketing communications (e.g., email, SMS).