ePrivacy Directive (2002/58/EC)
In force since 31 July 2002
Agent Navigation: For section discovery, use /regulations/eu/eprivacy-directive/llms.txt
Quick Reference
The ePrivacy Directive (2002/58/EC) regulates privacy in electronic communications across the EU. Often called the “Cookie Law”, it covers cookies, direct marketing, traffic data, and confidentiality of communications. Implemented nationally (UK: PECR, Germany: TTDSG, etc.).
Applies to: Providers of electronic communications services and anyone using cookies/tracking on websites accessible to EU users
Key rules:
- Cookies and similar technologies require informed consent before storage [Art 5(3)]
- Unsolicited electronic marketing requires prior opt-in consent [Art 13(1)]
- “Soft opt-in” exception for existing customer relationships [Art 13(2)]
- Traffic data must be erased or anonymized when no longer needed [Art 6]
- Location data requires explicit consent with opt-out option [Art 9]
| Question | Answer | Citation |
|---|---|---|
| Need consent for cookies? | Yes, except strictly necessary | Art 5(3) |
| Marketing emails need opt-in? | Yes, with soft opt-in exception | Art 13 |
| Can track location? | Only with consent + opt-out | Art 9 |
| How long keep traffic data? | Only while needed for transmission | Art 6 |
| Who enforces? | National DPAs | Art 15a |
Regulation Map (All Chunks)
Every section of the ePrivacy Directive coverage is listed here for full-text lookup and agent navigation.
Definitions
Requirements
- ePrivacy: Automatic Call Forwarding
- ePrivacy: Calling Line Identification
- ePrivacy: Confidentiality of Communications
- ePrivacy: Cookie Consent Requirements
- ePrivacy: Direct Marketing Rules
- ePrivacy: Directories of Subscribers
- ePrivacy: Exceptions for Emergency Services
- ePrivacy: Itemised Billing and Privacy
- ePrivacy: Location Data
- ePrivacy: Security of Processing
- ePrivacy: Traffic Data