For some time now, the EU Commission has been planning an update to the current ePrivacy Directive (which was implemented in the UK through the Privacy and Electronic Communication Regulations, or PECR for short). The ePrivacy Regulation will replace the current rules on issues like the use of cookies and electronic marketing and was originally meant to be implemented alongside GDPR but the final text was not ready in time. So, what’s the latest update?
After significant delays in moving towards a final text for the Regulation, the EU Commission issued an update on 12 June 2018 following policy debates on 8th June and it would appear that further changes have been proposed.
Cookies
Currently websites display cookie banners informing visitors that the website uses cookies for the purposes of data analytics – if you don’t want cookies dropping on your device then the only option is to stop using the website. The EU Commission had already indicated that under the new rules, internet browsing companies should design functionality to allow individuals to give specific consent for cookies (in fact a small number of organisations have already made this change on their websites). Following the debate, the options for cookies now include banning the use of cookie walls (claiming it is disproportionate for public authorities to make their websites conditional on the use of cookies) or changing the recitals to clarify the requirements around consent.
B2B Marketing
Currently a large proportion of B2B marketing is carried out on a soft opt-in basis. This is where the email address has been obtained through the sale (or negotiation for the sale) of a product or service, the individual was told that their email address would be used for unrequested marketing and was given the chance to opt-out at the time of collection, the marketing relates to similar products and services, and each email gives the recipient the chance to opt-out. The draft Regulation indicates that the EU Commission may seek to bring B2B marketing in line with the requirements for B2C marketing, meaning that the current soft opt-in option will be reversed so that communications can only be sent where the individual has given prior consent.
The updated draft text also allows member states to set a time limit under which organisations may contact individuals for direct marketing purposes. The DMA is continuing to argue against these changes which could cause significant issues for businesses.
Timeline
It is now anticipated that the Regulations will be passed towards the end of 2018 or Spring of 2019 with one year for implementation.
What actions can I take now?
It’s important to document what marketing your business undertakes, your legal basis for the processing and how you obtain contact details. If you don’t rely on consent, then you may want to start to consider what implications the Regulations will have on your business if they are passed in the current format.
Start to talk to your website provider about the options around cookies now BUT don’t make any major changes until the Regulations are finalised.
Watch this space! With 3-6 months to go before the Regulation is passed it’s inevitable that further amendments will be made.
Get in touch
If you need any help in the meantime with regulatory compliance, then feel free to get in touch. An initial chat with one of our associates is always free.
