GDPR: Focus on protect user’s personal data in internet.
ePrivacy: In the same way that GDPR, ePrivacy regulation is focused on protecting user’s personal data, but eprivacy is more focused on protect that companies can’t track users and behaviors massively without the consent of the users.
If we resume in 2 sentences the main difference is:
GDPR focused in protect personal data and ePrivacy regulation focus on regulate the use of cookies.
Obviously it’s vague comparative, but we can use this sentence as basis to understand the focus of both regulation.
Since October the 31st of 2020, in Europe is mandatory that websites cannot track the behavior of their users without express consent. For this reason, we must work with consent management platforms like Cookiebot.
Nowadays we can found a lot of Cookieless Web Analytics, these cookiefree analytics really works without cookies, but the main mistake that we found is that all of them work with IP information.
If you work with IP data like clicks by country, you are not ePrivacy Compliant.
GDPR says you can work with IP data if this data is hashed or encrypted if this data is anonymous. BUT ePrivacy regulation says that you can’t work with data that can identify an individual person. Even if this data is hashed.
How can you know if cookieless web analytics is working with IP data?
When you see a country report like clicks by country, they are not ePrivacy Compliant.
Remember this trick to differentiate GDPR vs ePrivacy focused:
GDPR wants to repect the privacy of users, so they agree we work with individual but anonymizeddata.
EPrivacy wants to protect users who can be tracked without consent, even if this tracking is anonymous. So if you track individualized users but anonymously, you are NOT ePrivacy Compliant so you must request consent, even you are working with cookieless analytics.