The ePrivacy Directive and Cookies
Understand how the ePrivacy Directive (also known as the "Cookie Law") complements GDPR and what obligations you have as a website owner.
What is the ePrivacy Directive and how does it relate to cookies?
The ePrivacy Directive (2002/58/EC) — known as the "Cookie Law" — requires informed consent before storing or accessing information on a user's device. It complements GDPR: ePrivacy sets the rules for cookies specifically, while GDPR defines what constitutes valid consent.
- Requires informed consent before setting any non-essential cookie
- Exemption only for cookies strictly necessary for the website to function
- Each EU member state transposes the directive into national law
What is the ePrivacy Directive?
The ePrivacy Directive (2002/58/EC, amended by 2009/136/EC) governs the privacy of electronic communications in the European Union. Often called the "Cookie Law," it requires informed consent before storing or accessing information on a user's device.
While the directive was originally focused on telecommunications, its scope has expanded to cover cookies, tracking technologies, and other forms of online data collection. Every EU member state has transposed the directive into its own national legislation.
ePrivacy and GDPR — How they work together
GDPR governs the processing of personal data in general, while ePrivacy specifically focuses on privacy in electronic communications, including cookies. The two instruments complement each other.
In practice, this means you need to comply with both: ePrivacy requires consent for setting cookies, and GDPR defines what constitutes valid consent. Key differences include:
- ePrivacy is a directive (transposed into national law), while GDPR is a regulation (directly applicable)
- ePrivacy covers all cookies and storage technologies, while GDPR focuses on personal data
- ePrivacy allows exceptions for strictly necessary cookies; GDPR applies whenever personal data is processed
- Both require prior, informed, and freely given consent for non-essential cookies
Technical requirements for compliance
To comply with the ePrivacy Directive, your website must meet the following technical requirements:
- Block all non-essential cookies and scripts before obtaining user consent
- Display a clear, informative consent banner that explains what cookies are used and why
- Provide granular controls allowing users to accept or reject individual cookie categories
- Store consent records as proof for regulatory audits and inspections
- Allow users to easily withdraw or change their consent preferences at any time
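The sketch below shows how prior blocking, per-category choice, consent records and withdrawal from the list above can fit together in one consent gate. It is an added example, not CookieFix code; the category names and every identifier (`createConsentGate`, `register`, `setConsent`) are assumptions made for illustration.

```javascript
// Added example; category names and all identifiers are assumptions.
const CATEGORIES = ["necessary", "analytics", "marketing"];

function createConsentGate(clock = () => new Date().toISOString()) {
  const granted = new Set(["necessary"]); // only the strictly necessary exemption
  const tags = [];    // registered scripts: { name, category, load, unload, running }
  const records = []; // append-only consent log kept as proof

  // Start tags whose category is granted; stop tags whose consent was withdrawn.
  function sync() {
    for (const tag of tags) {
      const allowed = granted.has(tag.category);
      if (allowed && !tag.running) { tag.load(); tag.running = true; }
      if (!allowed && tag.running) { tag.unload(); tag.running = false; }
    }
  }

  return {
    // A tag's load() is held back until its category has consent.
    register(name, category, load, unload = () => {}) {
      if (!CATEGORIES.includes(category)) {
        throw new Error(`unknown category: ${category}`);
      }
      tags.push({ name, category, load, unload, running: false });
      sync();
    },
    // Per-category choice, e.g. { analytics: true }. Anything not explicitly
    // true counts as rejected; calling it again changes or withdraws consent.
    setConsent(choices) {
      for (const category of CATEGORIES) {
        if (category === "necessary") continue; // exempt, not user-toggled
        if (choices[category] === true) granted.add(category);
        else granted.delete(category);
      }
      records.push({ at: clock(), granted: [...granted].sort() });
      sync();
    },
    running: () => tags.filter((t) => t.running).map((t) => t.name),
    records: () => records.map((r) => ({ at: r.at, granted: [...r.granted] })),
  };
}
```

In a browser, `load` would inject the script element or set the cookie and `unload` would delete the cookies that tag created. The records would normally be sent to a server rather than held only in page memory.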
How CookieFix ensures ePrivacy compliance
CookieFix handles every technical requirement of the ePrivacy Directive automatically. Here is what we do for your website:
- Automatic cookie scanning and classification into the correct categories
- Prior blocking of all non-essential cookies until consent is obtained
- Clear, customizable consent banner with per-category granular controls
- Consent proof logging for regulatory audits and compliance verification
- Easy consent withdrawal — visitors can update their preferences anytime
Ensure ePrivacy and GDPR compliance
Set up CookieFix in 5 minutes and ensure your website meets both ePrivacy and GDPR requirements.