ePrivacy Directive
The law the cookie banner answers to — consent before anything is stored or read, GDPR's older and narrower sibling.
- Term
- ePrivacy Directive
- Is
- The EU's e-communications privacy law
- Known as
- The cookie law (2009 amendment)
- Pairs with
- GDPR, which defines the consent
Forms & parts of speech
Definition in plain terms
The ePrivacy Directive is the EU law governing privacy in electronic communications — confidentiality of communications, unsolicited messages, and, famously, the rule that earned it the nickname 'cookie law': storing information on a user's device, or accessing information already there, requires informed consent unless strictly necessary for a service the user requested. Enacted in 2002 and amended to add the consent rule in 2009, it is why the banner asks BEFORE the cookie is set — a fact popularly misattributed to GDPR.
The mechanics
The division of labor with GDPR confuses everyone and matters operationally: ePrivacy supplies the consent-before-storage rule (and it covers any device storage or access — cookies, localStorage, fingerprinting techniques, SDK identifiers — the technology-neutral phrasing ages well); GDPR defines what valid consent IS (freely given, specific, informed, unambiguous — the standard that killed pre-ticked boxes in the CJEU's Planet49 judgment) and governs the personal-data processing that follows. The 'strictly necessary' exemption draws the practical line: session carts, security, and load balancing need no consent; analytics, advertising, and personalization storage do — which is exactly the architecture every CONSENT-MANAGEMENT-PLATFORM implements and CONSENT-MODE-V2 signals downstream. Enforcement runs through national regulators applying their transpositions (CNIL's nine-figure fines against major platforms were ePrivacy actions), and the long-promised ePrivacy Regulation — drafted to replace the directive and harmonize the patchwork — spent so many years stalled in Brussels that the directive's 2009 text still governs the 2020s web. For marketers the practical summary: the banner's ask-first behavior, the exemption boundaries, and the no-tracking-before-consent rule all live here, with GDPR supplying the consent quality bar and the processing rules afterward.
When it matters
The ePrivacy Directive matters to anyone with EU traffic — it is the legal floor under every cookie banner, tag-firing rule, and consent-gated pixel this glossary's measurement entries assume. It matters analytically at the exemption line (what may run pre-consent) and at audit time, when 'tags firing before consent' is the finding regulators reach for first. The discipline is architectural: nothing non-essential stored or read before consent, the CMP as enforcement rather than decoration, and the directive read alongside GDPR — one law for the asking, one for the answer's quality. (General information, not legal advice.)
Synonyms & antonyms
Synonyms
Antonyms
Origin & history
Directive 2002/58/EC governed electronic-communications privacy from 2002, and its 2009 amendment added the consent-before-storage rule that named it the cookie law; the replacement ePrivacy Regulation has been stalled in EU process since 2017, leaving the directive — and its national transpositions — running the modern web's banners.
Etymology: source.
Usage trends
Search interest for this term over the last five years:
Common questions
- What is the ePrivacy Directive?
- The EU's electronic-communications privacy law — confidentiality, unsolicited messages, and the consent-before-storage rule (2009 amendment) that made it 'the cookie law.'
- How do ePrivacy and GDPR fit together?
- ePrivacy requires consent before storing or accessing anything on a device; GDPR defines what valid consent is and governs the processing afterward — the asking and the answer's quality.
- What can run before consent?
- Only the strictly necessary — session carts, security, load balancing; analytics, advertising, and personalization storage wait for the banner's yes.
Related tools & calculators
- toolCAC calculator
- toolLTV:CAC calculator
Resources & people to follow
- referenceWikipedia — ePrivacy Directive
- referenceCJEU Planet49 judgment on consent standards
- referenceRGM analysis — the audit lives in the milliseconds before consent; the CMP is a gate, not a guestbook
Curated, non-competitor resources verified per term.
Related training
- modulePerformance marketing
Disciplines
Areas of marketing where eprivacy directive is a core concern: