This paper examines whether the EU requires a dedicated ePrivacy Regulation to strengthen the right to confidentiality of communications. Employing doctrinal legal analysis and historical-legal reconstruction, it traces the evolution and practical limitations of this right under Article 8 of the European Convention on Human Rights, EU primary law, and the GDPR framework. The study reveals that confidentiality of communications possesses not only an individual privacy dimension but also essential collective functions—safeguarding freedom of expression, sustaining digital trust, and underpinning the information society. This dual normative character distinguishes it fundamentally from general data protection and constitutes its distinct legal foundation. Consequently, the paper establishes the normative legitimacy and policy urgency of regulating confidentiality of communications separately from the GDPR. It thus provides critical theoretical grounding and institutional design guidance for the long-pending EU ePrivacy Regulation.

In the European Union, the General Data Protection Regulation (GDPR) provides comprehensive rules for the processing of personal data. In addition, the EU lawmaker intends to adopt specific rules to protect confidentiality of communications, in a separate ePrivacy Regulation. Some have argued that there is no need for such additional rules for communications confidentiality. This Article discusses the protection of the right to confidentiality of communications in Europe. We look at the right's origins to assess the rationale for protecting it. We also analyze how the right is currently protected under the European Convention on Human Rights and under EU law. We show that at its core the right to communications confidentiality protects three individual and collective values: privacy, freedom of expression, and trust in communication services. The right aims to ensure that individuals and organizations can safely entrust communication to service providers. Initially, the right protected only postal letters, but it has gradually developed into a strong safeguard for the protection of confidentiality of communications, regardless of the technology used. Hence, the right does not merely serve individual privacy interests, but also other more collective interests that are crucial for the functioning of our information society. We conclude that separate EU rules to protect communications confidentiality, next to the GDPR, are justified and necessary.