Digital and Direct Marketers in EU ePrivacy Regulation Sights Now
Digital and direct marketers are readying for another blow from the European Union in the form of data privacy regulation. ePrivacy Regulation is going to attempt to seal the holes the E.U. left with GDPR. And American marketers will be subject to ePrivacy Regulation, too, regarding their marketing to E.U. citizens.
The revised ePrivacy Directive rules, to be renamed ePrivacy Regulation once the changes become law, were supposed to happen simultaneously with the May 25 GDPR effective date.
Cookies will probably disappear completely as a result of ePrivacy Regulation, predicts an article published Tuesday in The Register that notes that E.U. news sites have already seen a post-GDPR drop of 14% in ad and marketing cookies .
Attorneys from law firm Morrison and Foerster say of ePrivacy Regulation:
“Marketing communications to individuals are prohibited without prior consent.”
The firm expects the regulations to become law at the end of 2018 or in early 2019, and marketers may have a year to comply. On Wednesday. Julie O’Neill, a Washington, DC-based partner and former FTC staff attorney, adds:
“U.S. companies that thought they were done thinking about European privacy law may be in for a surprise. The upcoming ePrivacy Regulation is likely to affect companies’ online advertising campaigns and analytics solutions. How far the Regulation goes remains to be seen, but there is little doubt that many companies will need to adjust their practices.”
This Aug. 16 summary from TechnologyLawDispatch.com says once ePrivacy Regulation is law, it will focus on “confidentiality of users’ electronic communications. It will also regulate activities such as: direct marketing, website audience measurement, the transmission of communications across devices and browsers, and cookies set on users’ machines. According to ePR Recital 2, it intends to ‘particularise [sic] and complement’ the provisions for personal data laid down by the GDPR by ‘translating its principles into specific rules.’ ”
Morrison and Foerster says:
“ePrivacy targets, among other areas, the right to confidentiality and data privacy on all electronic communications — that includes emails, texts, the Internet, WhatsApp, Skype, online messaging, VoIP, the Internet of Things (IoT), apps, online advertising networks and telecommunications. Metadata, as well as the contents of communications, is guaranteed privacy. When it comes to personal data in electronic communications, ePrivacy even overrides GDPR.”
With GDPR, even U.S. marketers had to ensure they had opt-ins from E.U. citizens to use their private data for marketing purposes and they had to allow the customers to leave their lists if they wanted to do so. One brand lost 80% of the customers on its email list, so that law already has some marketers working to regain market share.
Meanwhile, marketers may think they’re already used to ePrivacy, because the “ePrivacy Directive” has been on the books since 2002 and was amended in 2009. But that’s a directive, not a regulation, and the E.U. finds that marketers are moving faster than the E.U.’s nearly decade-old ePrivacy Directive has been able to keep up,
So, as the International Association of Privacy Professionals states:
“The EU is moving from a directive to a regulation — echoing the move from the Data Protection Directive to the GDPR — in an effort to harmonize data protection laws across the E.U. Additionally, the scope has been extended to apply to any company processing personal data in the context of delivering electronic communications and files, including so-called ‘over-the-top’ providers like Gmail, WhatsApp and Netflix, not just traditional telecommunication providers.”
The sense of urgency about passing the law does seem to be heating up, if the May 28 statement by the European Data Protection Board is any indication:
“We call on the European Commission, Parliament and Council to work together to ensure a swift adoption of the new ePrivacy Regulation, replacing the current Directive as soon as possible after the coming into effect of the General Data Protection Regulation in May this year.”
In other words, privacy of communication in Facebook Messenger is a fundamental right, reads the upshot of the wording by the EDPB. (Opens as a PDF)
What do you think, marketers?
Please respond in the comments section below.
Related story: Don’t Think GDPR Will Impact You? Think Again