GDPR Technology EU Privacy and Electronic Communications Directive

Here comes the European ePrivacy Regulation – the GDPR’s forgotten sibling

By Richard Madigan, Digital marketing strategist

MMT Digital


The Drum Network article

This content is produced by The Drum Network, a paid-for membership club for CEOs and their agencies who want to share their expertise and grow their business.


February 7, 2018 | 5 min read

By now, we’ve all heard about the GDPR and its May deadline. However, in the background, the European Commission have something else waiting in the wings that is no less important to marketers – the ePrivacy Regulation.


What is it?

The current ePrivacy Directive (implemented in the UK as the Privacy and Electronic Communications Regulations 2011) will be repealed in favour of this new ‘Regulation’, which will apply directly across all EU markets.

The ePrivacy Regulation will work in tandem with the GDPR, enhancing it in light of technological developments (specifically the “Internet of Things”). The regulation is designed to complement the GDPR to provide internet users control over all their data and to ensure that businesses handle data with care. It also comes with those same hefty fines.

The GDPR comes into force on 25 May 2018 and this regulation is scheduled to come into force alongside it. However, as yet, the Regulation has not been finalised.

What does the law cover?

The previous directive was often referred to as the “cookies law”. This new regulation has a much broader scope: here are the key parts of the regulation.


The rules surrounding the use of cookies are among the most contested aspects of the regulation, particularly within the digital advertising sector, with concerns raised over the perceived inefficiencies and reduced revenue that might result.

In short, the proposal is to do away with annoying cookie banners and move the privacy notices into the browser. You will be able to select your default privacy settings when setting up the browser.

Already there is a big plus point – who likes the cookie banners anyway? But then there’s the reality. When people are consenting to the use of cookies through those banners they are giving you licence to push on with the all-important digital marketing features to enhance customer experience. If the customer is blocking these from the off through their browser, how do we maintain the experience customers have come to expect? We could also be introducing a wave of new, intrusive privacy notices to replace those cookie banners – damaging the customer experience even further.

And which cookies count? It’s been suggested that cookies required for analytics or for improving the site experience may not be included but until we see the final regulation, there’s nothing guaranteed.

Electronic communications

The previous directive covered the typical communications channels of the time, eg emails. However, the new regulation expands this significantly to encompass the Over-The-Tops (eg social media messaging services such as WhatsApp) and Voice Over Internet Protocol providers (eg video and audio services such as Skype).

The aim is to provide more stringent consents over these channels – both for the content of the communications and the metadata (data processed by the electronic communications network for the purpose of transmitting, distributing and exchanging the content) attached to those communications.

Soft opt-in

The soft opt-in is sticking around although it can only be retained in limited circumstances, e.g. sending promo messages to existing customers to offer similar products or services. However, the opportunity to opt-out through unsubscribe messages and interactions still needs to be available.

B2B consent

One of the most ambiguous aspects of the regulation is around B2B marketing communications and whether consent is required when it comes to corporate email addresses. If it is a named corporate email address, does this fall within the personally identifiable data outlined by the GDPR?

It seems there is a choice to be made by B2B marketers over whether to seek out consent or to hedge their bets on legitimate interest.

What do we do about it?

From an agency perspective, there are various aspects of this regulation that will need to be factored into what we do and how we work, but the cookies element is an important one. Banners aside, we need to consider the potential impact of this on even simple activities like A/B testing.

The industry’s key focus right now is GDPR compliance, given the hard stop in May 2018. However, with the ePrivacy Regulation still to be finalised, we need to keep this forgotten sibling in the corner of our eye.

Richard Madigan is digital marketing consultant at MMT Digital.
