The new ePrivacy Directive - making life after GDPR tougher? | DMA


If you’ve been preparing for the introduction of the GDPR by reviewing the information that’s already publicly available, you may have noticed that a large part of the framework relates to the PECR (Privacy and Electronic Communications Regulations). PECR covers specific rights that individuals have with regard to electronic communications (marketing calls, cookies, emails, etc.), but these regulations are set to be replaced by the e-Privacy Directive.

On the 12th of December 2016 the text of this replacement directive was leaked. The draft suggests a significant toughening of the online and direct marketing landscape and a convergence toward the principles of the GDPR.

This is just a draft at present, and the leaked text may not be 100% accurate, but it is worth noting the proposed changes and considering their implications.

Bear in mind this is a Directive, which means it is not law and individual countries currently have autonomy to alter it. Assuming things run their natural course, however, it will be upgraded to a Regulation and pass into law.

 

Areas of Interest:

Cookies and Similar technology

The draft broadly maintains the current consent rule for cookies. Prior consent will be required unless there is a strict necessity for electronic communication with the subject.

The draft suggests that rules will apply not only to cookies but also whenever information about the device in question is collected.

What about Analytics? The draft does not refer to analytics specifically, but does suggest a more relaxed approach for "web audience measuring to that service…carried out by the provider of the information society service".

Analytics companies may need to reword consent requests, though, to better capture their activities.

We can expect much negotiation and lobbying - especially from the online advertising industry - before the draft text is finalised. It does, however, seem that the cost of getting cookie compliance wrong in the future will be much more significant.

 

Browser Providers/Mobile Device Providers and ‘Do not Track’

Unsurprisingly, the definition of consent used in GDPR applies to the draft e-Privacy text. There are, however, some practical changes that will make obtaining consent much trickier.

The draft requires technology providers to include default settings which must all be set to preclude third parties from storing information on, or using information about, an end-user’s device. Browsers will have to be pre-configured so that cookies used for frequency capping of ads or ad-serving will be blocked by default unless a user opts to enable them.

Similarly, mobile device manufacturers and operating system manufacturers will have to ensure that SDKs (used by app developers to allow ad tech companies to collect data) are blocked by default.

The draft also states that end-users can express consent simply by the technical settings of a software application which gives them access to the Internet. If all their browser defaults are set to reject cookies and they then switch settings to allow cookies, this will operate as a permission for cookies, without the need for overlays or consent pages.

Marketing Opt-Outs and Opt-Ins

The new text contains rules on email and phone marketing.

The draft proposes a general prior consent (i.e. opt-in) requirement whenever electronic communications services are used to transmit direct marketing. The current distinctions between corporate subscribers and individual subscribers are not retained – although the so-called ‘soft opt-in’ for email marketing for similar products and services in limited circumstances remains.

Voice calls are generally considered more intrusive than other forms of marketing. Direct (voice) marketing calls will be required to use a specific marketing prefix number, so that end-users can recognise them as marketing calls.

 

Liability and Sanctions

The draft follows the approach of GDPR in extending broader rights to individuals (such as rights for representative bodies to bring claims and provisions tilting the balance of proof in favour of individuals).

The fines are also in line with GDPR:

2% of turnover – applicable to providers of devices and software who fail in their privacy

4% of turnover – for breaches of communications secrecy requirements, cookies and rules on use of metadata

 

Timing

The draft suggests that it will come into force 20 days after publication in the Official Journal and will be effective 6 months after that. The Commission objective had been to ensure that changes to this instrument were effective at the same time as GDPR – i.e. 25th May 2018.

Summary

The proposed directive (and future Regulation) provides additional privacy and data protection, guidelines and fines! There is lots here to digest and we’ll all need to consider the contents of the final draft in conjunction with the upcoming GDPR changes.

Giles Kirkham, Information Security Officer at Occam DM Ltd (part of the St Ives Group)
