The spectre of ePrivacy

Happy New Year everyone!

Here at Mortascreen we've been busy thinking about the key things that will matter this year. Below is an article by our very own Patrick Lymath published by Marketing Industry News on 1st January 2019:

GDPR has obviously defined 2018. It was the regulation on everyone’s lips and now seven months in the conversation is still focused around compliance, fines and engendering customer engagement. However, as we move into the New Year the focus will shift towards the digital landscape, since 2019 is supposed to be the year that the existing ePrivacy Directive transitions into the harsher proposed ePrivacy Regulation.

As we know GDPR is about general data protection, which covers a broad range of elements. However, it doesn’t go into detail about electronic communications. Consequently, the regulation will be lex specialis to GDPR which means it overrides it when it comes to all things digital. It focuses on the confidentiality of users’ electronic communication and will regulate activities including direct marketing, website audience measurement, the transmission of communications across devices and browsers, and cookies set on users’ machines.

There will be stricter rules on sending out unsolicited marketing material via electronic communications, including email and SMS. ePR will also cover telemarketing with cold callers probably having to adopt transparency tactics such as displaying their number or using a prefix that identifies it as being a marketing call. Like under GDPR there will also be a requirement to gain permission and respect people’s right to object.

Another aim of the regulation is to simplify the cookie process in an attempt to reduce irritating cookie consent requests. The idea is to ‘streamline’ the consent process by shifting the onus onto web browsers as opposed to individual websites. This means people will be able set their cookie preferences at the browser level. There will also be a clear distinction between non-intrusive and intrusive cookies.

Non-intrusive cookies won’t require consent because they’re essential for providing services and improving user experiences. These will include functionality including shopping carts, remembering previous purchases, or non-identifying analytics.

 Intrusive cookies, on the other hand, are those that use data (such as IP addresses) to identify and track users around the internet, for example third-party cookies for tracking advertising clicks. These will require explicit user consent. Finally, ePR will also regulate global internet communication companies such as Google, Facebook, WhatsApp etc. to ensure greater responsibility when it comes to their customer data and confidentiality.

So what does all this mean? So far nothing is set in stone, but E-Privacy is likely to cut a large swathe of digital data, and potentially current technology approaches, out of the marketer’s toolkit. Furthermore, like GDPR that came before it, it means that organisations are going to have to have to get their houses in order when it comes to digital customer data. As a result, the onus will be on data hygiene and creating a compliant regime that ensures data is up-to-date and fully permissioned or risk facing the hefty fines that come with non-compliance.