Here comes the European ePrivacy Regulation – the GDPR’s forgotten sibling
By now, we’ve all heard about the GDPR and its May deadline. However, in the background, the European Commission have something else waiting in the wings that is no less important to marketers – the ePrivacy Regulation.
What is it?
The current ePrivacy Directive (implemented in the UK as the Privacy and Electronic Communications Regulations 2011) will be repealed in favour of this new ‘Regulation’ and will apply directly across all EU markets.
The ePrivacy Regulation will work in tandem with the GDPR, enhancing it in light of technological developments (specifically the “Internet of Things”). The regulation is designed to complement the GDPR to provide internet users control over all their data and to ensure that businesses handle data with care. It also comes with those same hefty fines.
The GDPR comes into force on 25 May 2018 and this regulation is scheduled to come into force alongside it. However, as yet, the Regulation has not been finalised.
What does the law cover?
The previous directive was often referred to as the “cookies law”. This new regulation has a much broader scope: here are the key parts of the regulation.
In short, the proposal is to do away with annoying cookie banners and move the privacy notices into the browser. You will be able to select your default privacy settings when setting up the browser.
And which cookies count? It’s been suggested that cookies required for analytics or for improving the site experience may not be included but until we see the final regulation, there’s nothing guaranteed.
The previous directive covered the typical communications channels of the time, eg emails. However, the new regulation expands this significantly to encompass the Over-The-Tops (eg social media messaging services such as WhatsApp) and Voice Over Internet Protocol providers (eg video and audio services such as Skype).
The aim is to provide more stringent consents over these channels – both for the content of the communications and the metadata (data processed by the electronic communications network for the purpose of transmitting, distributing and exchanging the content) attached to those communications.
The soft opt-in is sticking around although it can only be retained in limited circumstances, e.g. sending promo messages to existing customers to offer similar products or services. However, the opportunity to opt-out through unsubscribe messages and interactions still needs to be available.
One of the most ambiguous aspects of the regulation is around B2B marketing communications and whether consent is required when it comes to corporate email addresses. If it is a named corporate email address, does this fall within the personal identifiable data outlined by the GDPR?
It seems there is a choice to be made by B2B marketers over whether to seek out consent or to hedge their bets on legitimate interest.
What do we do about it?
From an agency perspective, there are various aspects of this regulation that will need to be factored in to what we do and how we work but the cookies element is an important one. Banners aside, we need to consider the potential impact of this on even simple activities like A/B testing.
The industry’s key focus right now is the GDPR compliance, given the hard stop in May 2018. However, with the ePrivacy Regulation still to be finalised, we need to keep this forgotten sibling in the corner of our eye.
Richard Madigan is digital marketing consultant at MMT Digital.
Content by The Drum Network member:
MMT Digital helps clients build digital products that transform business performance.Find out more