Effective regulation through design – Aligning the ePrivacy regulation with the EU General Data Protection Regulation (GDPR): tracking technologies in personalised internet content and the data protection by design approach

After numerous revisions of the initial draft of the ePrivacy Regulation, the Portuguese presidency finally submitted a draft that all EU Member States agreed on. We would like to take the opportunity of the beginning of the trilogue to point out a serious technical flaw in the current draft. This flaw lies in the ambiguous relationship between the ePrivacy Regulation and the GDPR. As such, this ambiguity calls into question the applicability of several decisive provisions of the GDPR; first and foremost, the data protection by design approach and co-regulation instruments such as codes of conduct and certificates.