Resources

All you Need to Know:
ePrivacy Regulation Status

Eprivacy Header

Posted

20 September 2022 by Team ITG

It's been a long time in the making, but could the ePrivacy Regulation finally appear on your latest data privacy hurdles list? It could considerably affect how you conduct online marketing and advertising and could be in force as soon as 2024.

What is the ePrivacy Regulation?

The ePrivacy Regulation is set to replace the e-privacy Directive, first launched in 2002. The ePrivacy Regulation (ePR) is a proposal to regulate the handling of personal data in electronic communications. It was initially proposed in 2017 and was set to complement GDPR in 2018. However, the discussions and agreements are still being thought over five years later.

The ePR will apply to all businesses that process data concerning online communication services, track technology, and electronic direct marketing. It will also apply to all EU member states, meaning it's likely to affect you in some way or another.

What does the ePR cover?

Initially, the e-privacy Directive encompassed email, information confidentiality, traffic data treatment, spam, and cookies. However, technology has evolved dramatically in the last few years. Hence, the latest version of the ePR agreement cover all the above, with the addition of communications services such as WhatsApp, Facebook Messenger, and Skype, as the popularity of most of these channels continues to rise.

Key focus points of the ePrivacy Regulation

According to the ePrivacy Regulation, it is forbidden to interfere with people's electronic communications unless one of the mentioned exceptions applies.

The Regulation also provides specific guidelines for when data processing is permitted, including the use of unnamed or anonymised data. The ePrivacy Regulation states that content is "anonymous" when neither a living being nor a legal entity’s identity or data can be traced. The ePrivacy Regulation will not be applicable in that situation. If extra information may be used to identify a natural person or legal entity, yet the content is "completely anonymous" for example, tracking the end ESP of a delivered email. The ePrivacy Regulation will apply in this situation.

Some of the critical elements of the ePrivacy Regulation are:

  1. One Rule for All: It will create one rule for the entire EU member states. They are standardising the legislation across the entire EU. Currently, the E-Privacy Directive, as long as the outcome is the same, could be implemented by each state in its own way. These individual laws and regulations will become obsolete once the ePR comes into force.
  2. Clear Rule on Cookies: Rather than every website requesting cookie acceptance, this process will be streamlined by the browser settings. ePR also states that non-privacy-intrusive cookies, which improve the end-user experience, will not require consent;

As the data is entirely anonymous, companies will still be able to count the number of visitors to their website, just not the electronic metadata, such as location or source of a visit.

  1. More Encompassing than GDPR: GDPR only applies to the personal data of a living being. The ePR will also apply to legal entities and businesses. It will also apply to all forms of content communication such as text, voice, video, and imagery.

What happens if you violate the ePrivacy Regulation?

Similarly, to GDPR, the consequences for violating the rules are dire. Depending on the severity, the organisation could incur a fine of €2,000,000 or 4% of the company's annual turnover, whichever supersedes the other. Ouch! So, every company must prepare as soon as possible.

What should you do next?

Firstly, as the agreement hasn't yet been made, it's imperative to keep updated with the latest developments. You can do so here. If the agreement is finalised this year, it will come into force 20 days after the official publication. We can also assume a grace period of around two years before the regulation is enforced, as we know as marketers will come around a lot sooner than we think. Hence, it's essential to prepare your organisation as soon as possible.

  1. Think about the cookies you have on your website. Note down their purpose and start to map which cookies you'll no longer be able to collect post-ePR.
  2. Ensure your settings are user-friendly and straightforward so that users can opt-out or in with ease.
  3. Start looking towards other data collection methods, such as zero-party data, to keep providing the same personalised experience.

How will my marketing automation platform support me in ePR?

We can't speak for other platforms, but CanopyDeploy has already made developments to ensure compliance with the ePrivacy Directive will come easily. Within the platform, we have Do Not Track options for each customer record, making it easy for you to turn off any tracking pixels in email communication for every contact in your database.

Our eyes are always on the latest developments, and with software built and developed in-house, we have complete control over the latest additions to CanopyDeploy.

Final word

Data privacy developments are accelerating at a phenomenal rate. The only way to truly know you comply with the latest developments is by collecting the correct data. Download our whitepaper "Future-proof data in a cookieless world" and get familiar with collecting the right data that's fit for the future.

How can we help you?

hello@teamitg.com