As users increasingly use nontraditional modes of communication, such as social media and instant messaging applications, email and VoIP, in place of traditional telephone and data services, so too must privacy laws evolve. The European Electronic Communications Code, proposed on December 4, 2018, expands the definition of electronic communications services to include these “over-the-top services.” As a result, these services become subject to data processing regulations under the existing ePrivacy Directive.

In an article written for IAPP’s Privacy Tracker, Rosa Barcelo and Matthew Buckwell discuss which obligations will apply to OTTs, whether the GDPR takes precedence over the ePD, and what service providers need to evaluate in advance of the December 21, 2020 effective date.