What is ePrivacy?
Three months after the data protection tsunami that was GDPR (General Data Protection Regulations), businesses around the world have either coped with the change, are still playing catch up, or have buried their heads in the sand.
Whichever group your company falls into, you’ve no doubt already had your fill of jumping through data protection hoops and are already getting a bit annoyed at having to click on (often obtrusive) consent buttons for every single site you visit. Digital marketers and web designers should already know that Google are actively filtering sites with annoying pop-ups so it’s been surprising just how disruptive some of these are
While GDPR put rules in place governing privacy, it’s worth remembering that the ‘G’ in GDPR stands for ‘General’ and with this in mind, no doubt with collective groans from anyone who only just GDPR’d their website, there are more privacy rules on the way soon, this time designed to deal with online data protection and electronic communication more specifically – ePrivacy (or cookie law as it’s been dubbed) is on the way.
What will the ePrivacy Regulations Mean For Me?
While GDPR governed the way data is collected, handled and processed, ePrivacy is more geared towards the specifics as they apply to privacy online and via any form of electronic communication.
Protection from marketing spam is something ePrivacy deals with and something which consumers and businesses alike will almost certainly welcome (unless, of course, your business is spammy marketing).
The ePrivacy rules will be very specific about unsolicited communications. While GDPR doesn’t ban speculative marketing outreach, ePrivacy will mean that direct marketing will only be permissible with user consent. General advertising via websites will be perfectly fine, but ‘out of the blue’ calls, texts or emails will no longer be allowed.
Additionally, marketing callers will be forced to either display their phone numbers or add an identifier which marks the call as a marketing call.
Why has ePrivacy been nicknamed ‘Cookie Law’?
With the prospect of large fines for breaching GDPR rules, the user experience of many websites has been degraded thanks to the use of cookie consent/privacy notice pop-ups on just about every site a user visits. Understandably, businesses are taking a ‘better safe than sorry’ approach in the face of vague guidance.
The ePrivacy rules are expected to help provide some welcome clarity on cookies, (hence the ‘cookie law’ moniker) in that no consent will be required if the cookies in question don’t intrude on a user’s privacy. Setting browsers to accept or decline certain types of cookies en masse will allow users to pre-approve types of cookies rather than each site having to get specific permission in some cases.
What constitutes privacy is getting expanded too. While GDPR covers personally identifiable information, the privacy of communication content and also its metadata will have to be given greater attention once ePrivacy comes into force as it will have to be treated with the same level of security and consent as user data itself. So, for example, if a person makes a call or sends an email to another person, the content of what they say will be protected from interception and analysis (so networks won’t be able to scan the conversation for keywords). But what about the location of either caller? The length of the call? What time the call was made? These pieces of metadata; information which provides insights into the lives of individuals will also be included.
When will ePrivacy come into force?
Initially, the ePrivacy regulations were intended to arrive at the same time as GDPR, however, the details weren’t finalised and at the time of typing, they still aren’t. They ARE coming soon however, but it’s unlikely we’ll see them before the end of the year and there’s been a suggestion that there’ll be a 12 month adjustment perisod once it comes into force.
The penalties for non-compliance, however, are likely to be the same as with GDPR and with the same jurisdiction.
At Falkon Digital, we were able to help our clients successfully navigate the requirements of GDPR in an intelligent way, so that when the new rules came into force, we were ready for them and so were our clients.
We’ll be keeping a close eye on the development of the ePrivacy Regulations and putting strategies in place to make sure that our clients will, as they were with GDPR, be well prepared for the new regulations when they eventually arrive.