By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
The ePrivacy Directive (officially the “Directive 2002/58/EC” and its 2009 amendment) governs privacy in electronic communications across the EU. It sets the rules for cookie consent, direct marketing, and the confidentiality of traffic/data. For a website that serves EU visitors, failing to obtain proper cookie consent can trigger €20 million or 4 % of global turnover fines under the GDPR‑aligned ePrivacy Regulation draft. Think of a multinational retailer’s EU‑focused e‑commerce site that drops tracking cookies on every page load – without a clear opt‑in banner, the site is already in breach of the ePrivacy Directive.
Mistake: Assuming “click‑through” on a privacy notice equals valid consent. Correction: Consent must be affirmative, specific, and freely given; a passive scroll or pre‑ticked box does not satisfy Art. 5(3).
Mistake: Treating “soft‑opt‑in” as a blanket exemption for all existing customers. Correction: The exception only applies when the marketing is about similar products/services and an easy opt‑out is provided; otherwise, explicit opt‑in is required.
Mistake: Forgetting to purge traffic data after the transmission is complete. Correction: Retain metadata only for the period needed for billing, fraud detection, or legal obligations; automatically delete or anonymise it thereafter.
Mistake: Using a single CMP for both GDPR and ePrivacy without distinguishing the consent scopes. Correction: Separate consent records for purpose‑based GDPR consent and cookie‑based ePrivacy consent; each must be stored and retrievable independently.
Mistake: Assuming the ePrivacy Directive no longer applies because the EU is drafting the ePrivacy Regulation. Correction: Until the Regulation is in force, the Directive (and its national implementations) remains the applicable law; exam questions still reference the Directive.
Scenario: A French e‑commerce site wants to place a Facebook “Like” button on product pages. Answer: The site must obtain prior explicit consent before the button loads because the social plug‑in sets third‑party cookies that are not strictly necessary.
Scenario: An Italian telecom operator wants to use call‑detail records for targeted advertising. Answer: It must first get opt‑in consent from each subscriber; using traffic data for marketing without consent breaches Art. 5(1) confidentiality.
Scenario: A UK‑based newsletter provider sends promotional emails to EU customers who previously bought a product. The emails contain an “unsubscribe” link. Answer: Because the emails are direct marketing to existing customers and include a clear opt‑out, the soft‑opt‑in exception applies; no prior consent is needed.
Use these nuggets to lock in the core of the ePrivacy Directive before the exam – they’re the “must‑know” facts that separate a pass from a high score. Good luck!
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.