What is the ePrivacy Regulation? And what does it mean for your business?

It only seems like yesterday that we were panicking over GDPR. Now we have a new regulation to worry about: ePR. Find out what it means for your business.

Over the last few decades the internet, combined with the development of electronic communications, has revolutionised the way we go about our business.

Interconnectivity has become an integral part of our lives. But with it comes a host of ethical and practical problems that can be partly boiled down to one question: How can society safeguard people’s online privacy?

The proposed ePrivacy Regulation (ePR) aims to answer that question. It will replace the already 2002’s existing ePrivacy Directive with a stronger law that must be adhered to by all EU member states.

Why does the ePrivacy Directive need replacing?

Although the ePrivacy Directive is a legal act that aims to uphold Article 7 of the EU charter (respect for private and family life), it doesn’t require all member states to implement it in the same way.

As a result, member states can be selective about what parts of the directive to adopt and enforce, and this creates an uneven playing field.

In 2002 the directive was adequate. But digital culture has, since then, become more intrinsic to people’s lives.

Gathering and processing personal data via electronic communications is now a huge part of society. Not only that, but the interconnectivity of electronic devices means there are more digital entry points into people’s private lives, meaning there’s a greater risk of privacy violation.

ePR aims to bring the legislation up-to-date and create a level playing field for all EU citizens.

How does ePR relate to GDPR?

GDPR is about general data protection, which covers a broad range of elements. However, it doesn’t go into detail about electronic communications.

ePR, on the other hand, focuses specifically on electronic communications. In legal parlance, this is known as lex specialis. So, although the ePR will use the same definitions as GDPR, it will actually override GDPR on matters of data-privacy in the context of electronic communications.

Both the GDPR and ePR are part of a movement to reform the EU data protection framework.

What will change when the ePR comes into force?

It’s difficult to say as the proposal is still being developed. We won’t know the exact stipulations until it’s been finalised. However, based on what’s in the proposal now, it seems that the following areas will be of particular interest:

Unsolicited marketing.
Cookies.
Bringing OTTs into the regulatory scope.

How it will affect unsolicited marketing

There will be stricter rules on sending out unsolicited marketing material via electronic communications, including email and SMS. ePR will also cover telephone-based cold calling; cold callers may have to adopt transparency tactics such as displaying their number or using a prefix that identifies it as being a marketing call.

There’ll also be stricter rules on gaining permissions and respecting people’s right to object.

How it will affect cookies

One of the aims of ePR is to simplify the cookie process in an attempt to reduce all the irritating cookie consent requests. The idea is to ‘streamline’ the consent process by shifting the onus onto web browsers as opposed to individual websites. This means people will be able set their cookie preferences at the browser level.

In a press release, the European Commission said:

“The cookie provision, which has resulted in an overload of consent requests for internet users, will be streamlined. The new rules will be more user-friendly as browser settings will provide for an easy way to accept or refuse tracking cookies and other identifiers.”

There will also be a clear distinction between non-intrusive and intrusive cookies.

Non-intrusive cookies won’t require consent because they’re essential for providing services and improving user experiences. These could be things like shopping carts, remembering previous purchases, or non-identifying analytics.

Intrusive cookies, on the other hand, are those that use data (such as IP addresses) to identify and track users around the internet, for example third-party cookies for tracking advertising clicks. These will require explicit consent.

How it will affect confidentiality

The digital revolution has seen the rise of Over the Top (OTT) service providers such as Google, WhatsApp and Skype. Millions of people now use these communication services, meaning there is greater potential for invasion of privacy (think of all the private online conversations happening at any one time).

So ePR aims to make strict confidentiality rules applicable to the big internet communication companies, and make them more accountable whenever they fall foul of the law.

So, what does ePR mean for your business?

How ePR will affect your business all depends on your strategies. If electronic communication is an integral part of your business model, then you’ll need to audit your current setup and ensure it adheres to the regulation.

You may also need to anticipate threats. For example, if you’re a publisher that relies on third-party advertising cookies, you may see a drop in revenue because people have set their browsers to block certain identifiers. So you’ll need to come up with creative solutions for persuading users to enable cookies for your site.

ePR is definitely something you don’t want to ignore as, like GPDR, the fines for non-compliance will be pretty hefty, and you also face reputational damage (you may gain a reputation for violating people’s privacy, for example).

The good news is that you still have plenty of time to prepare. You can get yourself up-to-speed by taking a look at the current draft proposal. However, it’s worth noting that the current proposal is not set in stone and there are likely to be amendments between now and when it comes into force. So, do keep track of all the latest developments.

When will ePR come into force?

At present, the exact date is unknown. It is, however, expected to come into force some time in 2019.

For expert advice on direct mail marketing and more, visit Romax, a market leader in print and direct mail services.

Photo by rawpixel

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-necessary	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__utma	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb	30 minutes	The cookie is set by Google Analytics. The cookie is used to determine new sessions/visits. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmc	session	The cookie is set by Google Analytics and is deleted when the user closes the browser. The cookie is not used by ga.js. The cookie is used to enable interoperability with urchin.js which is an older version of Google analytics and used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmt	10 minutes	The cookie is set by Google Analytics and is used to throttle request rate.
__utmz	6 months	This cookie is set by Google analytics and is used to store the traffic source or campaign through which the visitor reached your site.

Cookie	Duration	Description
CONSENT	16 years 5 months 19 days 13 hours 20 minutes	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_39226696_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_omappvp	11 years	The cookie is set to identify new vs returning users. The cookie is used in conjunction with _omappvs cookie to determine whether a user is new or returning.
_omappvs	20 minutes	The cookie is used to in conjunction with the _omappvp cookies. If the cookies are set, the user is a returning user. If neither of the cookies are set, the user is a new user.

Cookie	Duration	Description
centerVisitorId	7978 years 5 months 19 days 13 hours 11 minutes	This is a HTTP cookie used to track the individual sessions on the website. It helps the website to compile statistical data from multiple visits. This data is used for lead generation as a part of marketing purpose.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
NID	6 months	This cookie is used to a profile based on user's interest and display personalized ads to the users.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.

Cookie	Duration	Description
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
view.ga79y7i4H2VjMus2eRJYqN.4ewaiz7cYMLxo2Fdorod4k	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.5659118702428160	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.5kjS2nejq2YcnYdvBnXie6	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.6M3TmeJYUdaXk4bFFoEsPB	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.AcqHN2Jx4LPTHTaVuvgpj7	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.az9ENbabTdjyzXZhvGZLsH	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.BfndspJeShXfBzLLV9vgf6	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.dExRyANhGorUfWBK88b8He	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.DLQVxHBCjsB8dSGzMQHEG8	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.ecCiQ7LhtWkSkJ7TaZBNeg	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.FQVDyuAXgSZP6EjzQVc8vZ	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.gm24Y7zkcqfXLnVYsG45ua	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.Jngw8VouAHPooyWULt96v8	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.JUp6DgKPEh2GnAKP6Hic9a	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.oXoiDpd347fYcUzoEogUp3	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.PxByyBFy44UYvo87EnhdAT	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.pXcNDvRdAUByFqYPw6mShD	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.QdALHubScinNuHaMzo6r4T	1 day	No description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.
_drip_client_6898597	2 years	No description
_drip_visitor_6898597	2 years	No description