So, you thought the General Data Protection Regulation (GDPR) was something to worry about?
Well, get ready for the ePrivacy Regulation, a new regulation that focuses specifically on the privacy of individuals as it relates to electronic communications. The regulation aims to work in conjunction with the GDPR to ensure data is handled with care by organisations and give individuals more control over their internet data.
Here are 6 things you need to know about the ePrivacy Regulation:
- ePrivacy Regulation trumps the General Data Protection Regulation. Both the ePR and the GDPR govern the same subject matter. However, because the ePrivacy Regulation governs the specific handling of an individual's data with regard to electronic communications, it would override the GDPR, which governs the law in a broader context.
- Why a 'Regulation' is different from a 'Directive'. The ePrivacy Regulation will repeal the current ePrivacy Directive, which is implemented in the UK as the Privacy and Electronic Communications Regulations (PECR).
The ePrivacy Directive is a legal act of the European Union, which requires member states, such as the UK, to achieve a particular result without dictating the specifics of how that result should be achieved. Hence, the PECR.
However, the ePR is not open to interpretation: it is a binding legislative act that applies directly in member states and requires no domestic law to enact it.
- The deadline for the ePrivacy Regulation was the 25 May 2018, but... ePrivacy was meant to be put into law on the 25 May, the same day as the GDPR. However, the new regulation has still not been finalised, as it goes through multiple iterations before it is enshrined into EU law. Expect it to be in place in the next six to twelve months, with the latter being the most likely.
- The penalty for non-compliance is the same as GDPR. The regulation carries the same penalty as the GDPR, which means a possible fine of €20 million or 4% of your annual turnover, whichever is larger.
- You might not be able to email an individual at a business. There was a lot of debate and confusion about whether you could email an individual at a business under the GDPR.
I even asked a lawyer who specialised in GDPR at a seminar earlier this year, who confirmed to me that you could email an individual at a business, but he finished with the words: “what you need to worry about is the ePrivacy Regulation!”
Article 16.1 of the proposed regulation states: “Natural or legal persons may use electronic communications services for the purposes of sending direct marketing communications to end-users who are natural persons that have given their consent.”
In effect, emailing an individual at a business, such as firstname.lastname@example.org, would require prior consent.
We will be keeping a close eye on this one, so be sure to stay up to date by signing up for our newsletter.
If that's the case, then we could see an end to consent banners, as an individual would be able to set the types of cookies that are deployed when they first set up their browser.
From a marketing perspective, this could affect targeted ads and social media retargeting ads, which determine the content displayed based on browsing habits.
It's safe to say that the proposed ePrivacy Regulation is something to pay very close attention to. The regulation in its current form will undoubtedly have an impact on your current online marketing activities.
We will be keeping up to date with the latest developments and changes as they happen. If you want to join us, sign up for our marketing newsletter to get email alerts on the ePR, as well as other marketing news and insight, straight into your inbox.