With the dust not long settled on the deluge of privacy policy updates and consent emails following the introduction of the General Data Protection Regulation (GDPR) into EU law, there is a new kid on the block: the ePrivacy Regulation (ePR). The ePrivacy Regulation is the next piece of EU data law that focuses on the privacy of individuals as it relates to electronic communications. But, is it new? In fact, the ePrivacy Regulation was originally intended to go live on the 25 May 2018 – the same day as the GDPR.
In order to understand the differences, it makes sense to first look at the similarities.
Both the GDPR and the ePR have been introduced to align data privacy laws across all EU countries, which means unlike the ePrivacy Directive, they require no domestic law to enact them.
You probably heard all about the fines for non-compliance with the GDPR, 20 million euros or four per cent of annual global turnover, whichever is the highest. Well, the same fine applies to the ePrivacy Regulation, so it is probably best to make sure you know about the ePR.
An online retailer of mobile device repairs and replacement parts
Both regulations apply to the protection of personal data of individuals within the EU. If you do business in the EU, regardless of whether or not you are based in an EU member state, then the regulations affect you.
Now that we’ve better understood the similarities between the two, let’s look at the main differences and the potential impact those differences could have on your current marketing activities.
In article 16.1 of the proposed ePrivacy Regulations, it says: “Natural or legal persons may use electronic communications services for the purposes of sending direct marketing communications to end-users who are natural persons that have given their consent.”
This indicates that forms of directing marketing, such as email and text messages, can only be used when the intended recipient has given consent.
While consent is a product of the GDPR, there are alternatives to processing a user’s data, such as legitimate interest. This form of processing could be used for direct marketing purposes in cases where the processor felt the recipient would have a genuine interest or need in the product.
It is important to note that at this stage, we do not know for sure if the EU’s stance on direct marketing under the ePrivacy Regulation will stand for B2B marketing. The Digital Marketing Commission is lobbying European Members of Parliament “to keep the distinctions between B2B and B2C marketing clear.” We will be keeping a close eye on this one!
Following the 25 May 2018, users have been besieged with cookie notices when visiting a website, in many cases completely covering the screen in the form of a popup. The ePR will do away with banner pop ups with cookies now set at browser level, where the user can change the settings to fit their needs.
If this was a game of EU regulation top trumps, then the ePrivacy Regulation would trump the GDPR when it comes to matters around electronic communications.
The ePR specifically covers the privacy of individuals as it relates to the confidentiality of electronic communications, whereas the GDPR is focused on the protection and handling of personal data.
While the ePR and the GDPR work hand in hand with each other, they both have different legal precedents.
The ePrivacy Regulation reflects Article 7 of the Charter of Fundamental Rights, which states: "Everyone has the right to respect for his or her private and family life, home and communications."
The GDPR is based on Article 8 of the European Charter of Human Rights which says: "Everyone has the right to respect for his private and family life, his home and his correspondence."
The important takeaway for digital marketers is that the ePrivacy Regulation requires more attention than the GDPR. There, I said it!
To stay up to date with the latest development on the ePrivacy Regulation, sign up to our newsletter.
by Darren Coleshill, 5 minute read
by Darren Coleshill, 5 minute read