EU ePrivacy Directive — the cookie law explained
The ePrivacy Directive is the legal basis for cookie banners in the EU. Consentify blocks all non-essential scripts and cookies until the visitor actively consents — satisfying both ePrivacy and GDPR in one step.
What is the ePrivacy Directive?
The ePrivacy Directive (2002/58/EC, last updated 2009) is an EU law specifically covering electronic communications privacy — including cookies and tracking technologies. It requires prior informed consent before storing or accessing non-essential data on a user's device. It works alongside GDPR: ePrivacy sets the consent requirement for cookies; GDPR governs what happens with the data afterwards.
How Consentify covers ePrivacy
Prior consent enforcement
Consentify injects no tracking scripts until the visitor actively consents. The banner is rendered before any non-essential scripts load — satisfying the ePrivacy 'prior consent' requirement.
Strictly necessary cookies exempt
Authentication cookies, session management, and cart functionality are exempt from the consent requirement. You can configure these as always-on in the Consentify dashboard without asking for consent.
Granular category consent
Visitors can accept or reject by category — analytics, marketing, functional. Consentify only activates scripts in categories the user accepted.
Easy withdrawal
Users can change their cookie preferences at any time via the revoke button. ePrivacy requires withdrawal to be as easy as giving consent.
Frequently asked questions
What is the difference between ePrivacy and GDPR for cookies?
ePrivacy Directive sets the rule that you need consent before setting cookies. GDPR defines the standard for what valid consent looks like (freely given, informed, unambiguous, withdrawable). In practice you need to satisfy both — Consentify handles the consent mechanism for both.
Do I need a cookie banner for strictly necessary cookies?
No. The ePrivacy Directive exempts cookies that are strictly necessary for a service the user requested — session cookies, login state, shopping cart. You do not need consent for these. Consentify marks necessary cookies as always-on.
Does the ePrivacy Regulation replace the Directive?
The ePrivacy Regulation has been in discussion for years but is not yet in force as of 2025. The current ePrivacy Directive continues to apply. When the Regulation is adopted, it is expected to largely align with current GDPR-level requirements already covered by Consentify.
Is a cookie banner required if I only use functional cookies?
Functional cookies (language preference, UI state) may not require consent if they are genuinely necessary for the service. However, many EU regulators recommend a banner regardless to demonstrate compliance. Consentify lets you mark functional cookies as necessary and still display a transparent notice.
Stay ePrivacy compliant with Consentify
Free forever for one domain. No code required.
Get started free