The ePrivacy Directive, along with the General Data Protection Regulation (AVG), forms the foundation of European digital privacy legislation. While the AVG broadly addresses the protection and processing of personal data, ePrivacy focuses specifically on electronic communications, such as rules for cookies, telemarketing and keeping digital messages confidential. In the Netherlands, the directive is anchored in the Telecommunications Act, but a modernization is underway at the European level: the ePrivacy Regulation.

This regulation should respond to technological innovations and new forms of communication, including over-the-top services such as WhatsApp and other chat platforms. It also aims for stricter and more uniform supervision: under the proposal, the regulator under the AVG will also be responsible for ePrivacy, which in the Netherlands would mean the Autoriteit Persoonsgegevens taking over this task from the Autoriteit Consument & Markt.

Since the first draft of the ePrivacy Regulation in 2017, negotiations within EU institutions have been slow due to divergent views and intensive lobbying from both industry and privacy organizations. As a result, the original plan to introduce the regulation simultaneously with the AVG in May 2018 has been significantly delayed. Although the Council of the European Union agreed on a draft text in February 2021, the legislation has still not been adopted.

Key discussion points continue to include:

• Whether there will be an explicit ban on cookie walls.

• Whether cookies should only be placed after consent, or whether other legal bases are possible.

• Whether default settings should block the use of third-party tracking cookies.

The ePrivacy Regulation, like the current directive, will complement and flesh out the AVG, with the level of protection to remain at least the same. Given ongoing negotiations and technological developments such as AI-driven communication platforms, the final text will determine how digital privacy is enforced in Europe in the coming years.