The European Data Protection Board (EDPB) published an opinion (Opinion) on the interplay between the ePrivacy Directive (Directive 2002/58/EC) and the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). The Opinion responds to questions submitted by the Belgian data protection authority, specifically:
- whether data protection authorities (DPAs) are competent to regulate processing that triggers both GDPR and the ePrivacy Directive;
- whether DPAs should take the ePrivacy Directive (and/or its national implementing legislation) into account when exercising their powers under GDPR;
- whether the cooperation and consistency mechanisms should apply to processing that triggers both GDPR and the ePrivacy Directive; and
- the extent to which processing can be governed by provisions of both the ePrivacy Directive and GDPR.
The EDPB also provided more general guidance on the interplay between the ePrivacy Directive and GDPR. This blog sets out key takeaways of the Opinion.