Launch Q3 2026
BearGuard®
BearGuard®
Governance & AI Guardrails
DE EN
🔒 EU/EEA Data Protection

ePrivacy Directive / TTDSG

The ePrivacy Directive (2002/58/EC) and Germany's TTDSG govern privacy in electronic communications, cookies, and online tracking.

LinkedIn X WhatsApp

Summary

The ePrivacy Directive (Directive 2002/58/EC, also known as the "Cookie Directive") is an EU legal framework governing privacy in electronic communications. It complements the GDPR by providing specific rules on cookies, tracking technologies, unsolicited communications, and the confidentiality of electronic messages.

  • Cookies and tracking: Users must give explicit consent to the storage of cookies and similar technologies unless strictly necessary.
  • Electronic communications: Confidentiality of emails, SMS, and online communications is protected.
  • Unsolicited marketing: Opt-in requirement for electronic direct marketing.
  • TTDSG (Germany): The Telekommunikation-Telemedien-Datenschutz-Gesetz implements ePrivacy requirements into German law, effective 1 December 2021.

History

The ePrivacy Directive was adopted in 2002, replacing the 1997 Telecommunications Privacy Directive. The most significant amendment came in 2009 via Directive 2009/136/EC (the "Cookie Directive"), which introduced explicit consent requirements for cookies. In Germany, the directive was initially implemented through the Telemediengesetz (TMG) and Telekommunikationsgesetz (TKG). The TTDSG came into force on 1 December 2021, consolidating the data protection provisions of both laws. Since 2017, the EU has been working on an ePrivacy Regulation to replace the directive — as of 2026, this process remains incomplete.

Scope

The ePrivacy Directive applies to providers of publicly available electronic communications services and networks in the EU, as well as all operators of websites and apps that use cookies or similar technologies targeting users in the EU. The TTDSG applies to anyone providing telemedia or telecommunications services in Germany, regardless of where the provider is located.

Key Requirements

  • Cookie consent: Active, informed consent required before setting non-essential cookies.
  • Opt-in for direct marketing: Email and SMS advertising only with prior consent.
  • Confidentiality of communications: Prohibition on unauthorized interception or surveillance.
  • Traffic data: Restrictions on storage and use of communications metadata.
  • Right to anonymous use: Call and connection data must be deleted or anonymized after transmission.
  • Security: Providers must implement appropriate technical and organizational measures to protect communications.

Related Frameworks

GDPR/DSGVO

Corrections & Errata

2026-QA-070 Correction 28 February 2026
Quality Audit: ePrivacy Directive / TTDSG

2 corrections:
- ePrivacy key_dates: Predecessor Directive 97/66/EC date is wrong
- ePrivacy: effective_date is 2002-07-31 (OJ publication), not 2002-07-12 (adoption)

Full details on the errata page →

Content last reviewed: 22 February 2026. Found an error or need an update? [email protected]