Home / Legal & Compliance

Will new EU ePrivacy law be the cause of more regulation frustration?

By / Adam Williams / In Best practice /

Despite timely advice, recent research shows that 32% of UK organisations are as yet unprepared for next year’s changes to data protection regulations (GDPR). But will this potentially costly failure to prepare be further compounded by a complementary and co-inciding law change – the EU ePrivacy law? The implications for the data driven marketing industry are far-reaching, in terms of how businesses can approach customers, collect and process data.

Last week, it was reported that 68% of businesses would be GDPR (General Data Protection Regulation) compliant in time for 2018. If the findings of the UK DMA’s ‘GDPR and you’ survey are correct, it means 32% of organisations are running the risk of substantial penalties if they are found to be in breach of the regulation. If that wasn’t bad enough, we now look towards Brussels, as the proposal for the adoption of new ePrivacy regulation has been published! And what’s more, the intention is to have this complementary law coincide with the GDPR deadline of May 2018, however unlikely that ma data protection y be.

Earlier this month, I travelled to the European Parliament to learn more. The intention of the European Commission’s proposal for a regulation on privacy and electronic communications is to reinforce trust and security in the ‘Digital Single Market’. To do this, the legal framework on ePrivacy will be updated. Currently, it is the ePrivacy Directive 2009 and the pending GDPR that protects the digital privacy for EU citizens.

The ePrivacy Directive protects the fundamental rights and freedoms of EU citizens, and particularly confidentiality of communications and the protection of personal data in the electronic communications sector. The Directive guarantees the free movement of electronic communications data, equipment and services throughout the EU. However, whilst it is a relatively ‘young’ directive, it is has rapidly become outdated and does not take in to account so called Over-the-Top (OTT) services.

Therefore, the proposed regulation determines that the principle of confidentiality should apply to current and future means of communication. This includes calls, Internet access, instant messaging applications, email, Internet phone calls and personal messaging provided through social media.

I would encourage everyone in the data driven marketing industry to read the proposal. However, the two key aspects are as stated:

(8) This Regulation should apply to providers of electronic communications services, to providers of publicly available directories, and to software providers permitting electronic communications, including the retrieval and presentation of information on the internet. This Regulation should also apply to natural and legal persons who use electronic communications services to send direct marketing commercial communications or collect information related to or stored in end-users’ terminal equipment.

(9) This Regulation should apply to electronic communications data processed in connection with the provision and use of electronic communications services in the Union, regardless of whether or not the processing takes place in the Union. Moreover, in order not to deprive end-users in the Union of effective protection, this Regulation should also apply to electronic communications data processed in connection with the provision of electronic communications services from outside the Union to end-users in the Union.

The implications for the data driven marketing industry are potentially far-reaching in terms of how businesses can approach customers, collect and process data. For example, online advertisers will be affected by the intention to give ‘end-users’ more control via their Internet browser regarding the acceptance of cookies from third parties.

EU ePrivacy law, GDPR: be sure to take compliance seriously

Interestingly, during stakeholders consultations conducted by the EC, 83.4% of citizens and civil society organisations, along with 88.9% of public authorities, agreed that there needs to be special rules regarding the confidentiality of electronic communications. However, more than half (63.4%) of industry respondents did not agree. Perhaps they are weary at the prospect of another compliance initiative in the wake of GDPR.

As a responsible data provider, we take regulatory compliance very seriously indeed (whether it is regulation imposed on us, or the codes of practice we enforce upon ourselves) and I am comforted that we will be in the 68% of organisations that will be GDPR compliant by May. As such, I fully expect we will be well placed to comply with ePrivacy Regulation.

However, the path to GDPR compliance has not been easy for many organisations (and some are still to have this realisation!) It has been far from easy to reach this stage and has required a huge amount of work and resource, although the benefits we have been able to reap have been equal to the net loss, so our path to GDPR adherence has been cost neutral. So, it is perhaps not surprising that industry responded the way it did to this latest EC consultation.

Of course, the UK finds itself in a slightly difficult situation politically. Following the House of Commons vote, the UK is another step closer to triggering Article 50 and the commencement of our separation from the EU. Yet, depending on the speed at which this new regulation becomes law, it will dictate whether the UK will still be bound by it. That being said, as with GDPR it is likely that if organisations are using data from EU citizens they will be undoubtedly be held accountable for any wrongdoing.

Furthermore, there is also a strong likelihood that the Information Commissioners Office will view the regulation as best practice and take a similar if not identical stance. After all, the existing directive currently informs our Privacy and Electronic Communications Regulations (PECR) which sits along the Data Protection Act 1998.

In respect to direct marketing, it applies to organisations offering products and services for commercial purposes, as well as messages sent by political parties and other non-profit organisations.

This isn’t intended to be a definitive assessment of the ePrivacy regulation proposal, but a raising of the red flag to organisations that this is going on right now, and those who it will affect (and that is most organisations in the data industry) need to keep a watchful eye on its developments.

Read also:

Get your house in order ready for incoming data protection rule

The 2018 data protection regulation deadline is a ‘red herring’

Get your house in order

Username

Basic Information

First Name *

Last Name *

Company *

Job Title *

Country *

Account Information

Password

Confirm Password

E-mail Address

Confirm E-mail

Biographical Info

Share a little biographical information to fill out your profile. This may be shown publicly.

Terms and Conditions

Terms and conditions – website usage

Welcome to the Global Marketing Alliance (GMA). The GMA website is a product of the Global Marketing Alliance Ltd. If you continue to browse and use this website, you are agreeing to comply with the following terms and conditions of use, which together with our privacy policy, govern GMA’s dealings with you in relation to this website. If you disagree with any part of these terms and conditions, please do not use our website.

GMA may amend these Terms and Conditions at any time by posting the amended Terms and Conditions on the GMA site.

The term GMA or ‘us’ or ‘we’ refers to the owner of the website whose registered office is at 7a Queen Street, Godalming, Surrey, GU7 1BA, UK. The term ‘you’ refers to the user or viewer of our website or to those who become members of GMA.

The use of this website is subject to the following terms of use:

The content of the pages of this website is for your general information and use only. It is subject to change without notice.
The information provided and the opinions expressed in this website represent the views of the authors and contributors.
Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials found or offered on this website for any particular purpose. We are not liable for any inaccuracies or errors.
Your use of any information or materials on this website is entirely at your own risk, it is your responsibility to check that the information available meets your requirements.
This website contains material which is owned by or licensed to us. This material includes, but is not limited to, the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
Information on this site may be contributed by our members or other contributors (including in blogs). We do not control the information they provide and are not responsible for the views expressed
If you believe that your intellectual property rights have been infringed on this site please notify us. We accept no liability for infringements as a result of user generated content but we will take reasonable action to remove such content where possible.
Unauthorised use of this website may give rise to a claim for damages and/or be a criminal offence.
Every effort is made to keep the website up and running smoothly. However, we take no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.
We reserve the right to refuse, suspend or cancel your access to the site at any time and without notice.
If you are acting as an employee, you warrant that you are authorised to enter into legally binding contracts on behalf of your employer. You further warrant that your employer agrees to be bound by these Terms and Conditions.
Purchases of training products or delegate places at events advertised on this site are subject to the terms and conditions of the providers.
Your use of this website and any dispute arising out of such use of the website is subject to the laws of England, Northern Ireland, Scotland and Wales.

Copyright notice

Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following:

you may print extracts for your personal and non-commercial use only
you may refer to and quote from the content for review or reference purposes within the limits of “fair dealing”, but only if you acknowledge the website as the source of the material
You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.

I agree to the Terms and Conditions

Full Name LEAVE THIS BLANK

I agree to the Terms and Conditions

Author: Adam Williams

DBS Data | www.the-gma.com

Adam Williams is managing director of DBS Data.

Will new EU ePrivacy law be the cause of more regulation frustration?