Which platforms does ePrivacy Directive apply to?

ConductAtlas tracks ePrivacy Directive-relevant provisions across 100 platforms. Visit the regulation page to see all affected platforms and their specific provisions.

How does ConductAtlas monitor ePrivacy Directive compliance?

ConductAtlas captures policy documents daily, classifies provisions by regulatory framework, and flags changes that affect ePrivacy Directive obligations. Every change is archived with cryptographic verification.

Directive 2002/58/EC (as amended by Directive 2009/136/EC)

ePrivacy Directive

Directive — European Union

Effective: July 12, 2002 100 platforms tracked 1239 provisions indexed Enforced by: National Data Protection Authorities, National Telecom Regulators Last reviewed May 9, 2026

Overview

The ePrivacy Directive governs the processing of personal data and the protection of privacy in the electronic communications sector. Article 5(3) is particularly significant: it requires prior informed consent before storing or accessing information on a user's terminal equipment (cookies, tracking technologies, local storage), with narrow exceptions for storage strictly necessary to provide a service explicitly requested by the user. The Directive complements the GDPR and applies specifically to electronic communications, covering cookies, direct marketing, traffic data, and location data. A proposed ePrivacy Regulation intended to replace it has been under negotiation since 2017.

Penalties

Set by national implementing legislation. Varies by EU member state.

Key Articles & Sections

Article 5(3) Confidentiality of Communications — Cookie Consent

Requires prior informed consent before storing or accessing information on a user's device, with limited exceptions for technically necessary storage.
Read full text →
Article 13 Unsolicited Communications

Restricts direct marketing communications via electronic means, requiring prior consent for most forms of electronic marketing.
Read full text →

Platforms We Track Subject to ePrivacy Directive

23andMe

5 relevant provisions

Activision

5 relevant provisions

Adobe

2 relevant provisions

Adyen

6 relevant provisions

Affirm

5 relevant provisions

Afterpay

6 relevant provisions

AI21 Labs

2 relevant provisions

Airbnb

4 relevant provisions

Airtable

2 relevant provisions

Allstate

0 relevant provisions

Amazon

4 relevant provisions

Amazon Marketplace

17 relevant provisions

American Airlines

3 relevant provisions

Amplitude

5 relevant provisions

Ancestry

1 relevant provision

Anthropic

20 relevant provisions

Anyscale

3 relevant provisions

Apple

4 relevant provisions

Apple App Store

9 relevant provisions

Apple Pay

3 relevant provisions

Arlo

7 relevant provisions

Asana

2 relevant provisions

Atlassian

3 relevant provisions

AT&T

1 relevant provision

Audible

8 relevant provisions

Auth0

2 relevant provisions

AWS

4 relevant provisions

AWS Bedrock

2 relevant provisions

BeReal

3 relevant provisions

Best Buy

1 relevant provision

Showing 30 of 100 platforms. View all platforms →

Recent Changes Related to ePrivacy Directive

Jun 16, 2026 Postman Low

The detected change is a build timestamp update in the HTML metadata of Postman's privacy policy page, changing from June 12 to June 16, 2026. This reflects a document rebuild or republication event.…
View change record →
Jun 16, 2026 AI21 Labs Medium

AI21 Labs updated its Terms of Service on June 16, 2026, making material changes to its cookie consent and data collection disclosures. Previously, the terms explicitly offered users the ability to o…
View change record →
Jun 16, 2026 Replit Low

Replit modified a timestamp reference in their Terms of Service on June 16, 2026. The previous version stated 'CA 5:52 PM' while the updated version now states 'CA 12:23 AM'. This appears to be a min…
View change record →
Jun 16, 2026 Replit Low

Replit updated a timestamp in their Privacy Policy from 5:52 PM to 12:23 AM on June 16, 2026. The change appears to be a minor correction or update to a timestamp notation that accompanied the statem…
View change record →
Jun 16, 2026 Threads Low

Threads updated its privacy policy footer on June 16, 2026 to modify how users can access support resources. The previous language referenced 'Report a post or reel' and 'How to reset my password?' a…
View change record →
Jun 16, 2026 OpenSea Low

OpenSea's privacy policy was updated on June 16, 2026, with one sentence modified. The change appears to involve a numerical value: the previous version referenced '$1,796.51' while the updated versi…
View change record →
Jun 16, 2026 OpenSea Low

OpenSea updated its Terms of Service on June 16, 2026, with a single sentence modification that resulted in a pricing display change from $1,796.51 to $1,785.11. The specific operational purpose of t…
View change record →
Jun 16, 2026 WhatsApp Low

WhatsApp's Privacy Policy on June 16, 2026 contains changes across 3 sentences within its structure, though the specific content modifications are not clearly evident from the provided HTML diff. The…
View change record →
Jun 16, 2026 WhatsApp Low

The detected change consists of minor modifications to the HTML metadata and page structure of WhatsApp's Terms of Service document, including updates to internal identifiers and resource hashes. The…
View change record →
Jun 16, 2026 Oura Medium

Oura's June 16, 2026 privacy policy update adds explicit disclosure of AI and machine learning features used in the service, including the Oura Advisor assistant and algorithmic suggestions. The upda…
View change record →

ⓘ

ConductAtlas maps governance language to potentially relevant regulatory frameworks. Regulatory applicability and enforceability may vary by jurisdiction, enforcement context, and individual circumstances. This page is informational and does not constitute legal advice. Methodology