Register your Interest
Apply for a Stand

Q&A with Sophie Adams – The Law Society

Q&A
Selected Categories :

Q&A with Sophie Adams – The Law Society

How will ePrivacy differ from GDPR in a legal sense? Are the two laws compatible?

The intention of the EU is that the ePrivacy Regulation complements the GDPR and does not enact new data protection rules. The ePrivacy Regulation will therefore act as lex specialis meaning that its rules will override those of the GDPR in case of conflict.

Recital (5) of the draft Regulation explains that ‘The provisions of this Regulation particularise and complement the general rules on the protection of personal data laid down in Regulation (EU) 2016/679 [the GDPR] as regards electronic communications data that qualify as personal data.’

The ePrivacy Regulation draws on Article 7 of the Charter of Fundamental Rights of the EU (“the Charter”) which protects the fundamental right of everyone to the respect for his or her private and family life, home and communications. By contrast, the GDPR is inspired by Article 8(1) of the Charter which provides that everyone has the right to the protection of personal data concerning him or her.

What are the potential legal consequences of non-complying with the ePrivacy regulation?

The remedies and penalties of the ePrivacy Regulation largely reflect those of the GDPR.

Chapter V of the draft Regulation provides that remedies, the right to compensation and liability and the general conditions for imposing administrative fines mirror those of the GDPR.

For example Article 21 lays down that without any other administrative or judicial remedy, every end-user of electronic communications services shall have the same remedies provided for in Articles 77, 78, and 79 of [the GDPR].

Article 22 provides that any end-user of electronic communications services who has suffered material damage as a result of an infringement of the Regulation shall have the right to receive compensation from the infringer for the damage suffered.  Article 23 applies Chapter VII of the GDPR (the cooperation and consistency mechanism) to infringements and imposes similar levels of fines as under the GDPR].