The implementation of the ePrivacy Regulation led to nervousness across the business sector. Business leaders did one of two things; buried their heads in the sand with the hope that the regulation would not affect them or they took action, updated their organisational policies and procedures, hired a DPO, tightened their internet security and formulated an information security strategy and plan.
The ePrivacy Regulation comes into effect right after GDPR as an extension to it. It aims to protect the privacy and confidentiality of communications.
ePrivacy Regulation as an extension to the GDPR
Initially, the ePrivacy Regulation intended to act as an extension to the GDPR, and the two would run simultaneously, but the extra rules and complications involved in the formulation of the ePrivacy Regulation have required some tweaking, updating and gathering of extra privacy-related add-ons to go into this particular chapter of the privacy compliance rulebook.
Role of ePrivacy in communication data
The ePrivacy Regulation impacts communications data. It covers every aspect of communication including WhatsApp, Cookies, Skype, Alexa etc. It does this by gathering explicit consent and transparency about how businesses use this data. The EU ePrivacy Regulation is a new addendum to the rulebook. It is an ever-growing movement towards giving greater powers to consumers on the handling of their online privacy and data.
The first concept of the ePrivacy Regulation came into place in 2002, along with the birth of the ePrivacy Directive. The ePrivacy Regulation 2019 will repeal the earlier ePrivacy Directive of 2002. The ePrivacy Directive came about initially as a reaction to internet browsing cookies, its pseudonym being the “cookie law”. It had developed since its inception 14 years ago, naturally in line with technology. Back in 2002, nobody envisaged how technology would change the way we communicate today with iPhones being the standard and landlines becoming extinct. The evolution in technology and data-driven business is alarming to many privacy activists. And obviously, privacy rules have to come into play to protect the incredible bulk of personal information gathered on consumers.
After GDPR, the ePrivacy Regulation 2019 has brought a list of new rules that businesses must comply with in order to remain compliant. The regulation applies, in particular, to all aspects of marketing concerning cookies, instant messaging apps and any interaction through the “Internet of Things”. The ePrivacy Regulation will only harm organisations (and inadvertently individuals) if they choose to ignore or fail to invest in the necessary compliance requirements and risk incurring penalties.
Hard facts include the cessation of all cold calling, whether this is by phone, email or text. The trend of unsolicited digital communication is going to end. Similarly, marketers will have to comply with the ePrivacy Regulation. Explicit consent and transparent online privacy policies will be all-encompassing for most businesses. It may appear more of a challenge than it needs to be, as those companies already in the proactive camp will have in place measures to ensure GDPR compliance, the ePrivacy Regulation is merely an extension of this that applies to communications.
In the same vein, where GDPR has enhanced the trust aspect between a compliant company and its customers, the ePrivacy Regulations need embracing. Proactive companies, and marketers in particular, who ensure they show transparency about the consumer data they collect or track will surely gain the trust of their customers.
Areas for more stringent restrictions are those concerning cookies. Cookies are fundamental for marketing companies who are driven explicitly by displaying advertising, retargeting and paid search campaigns. As they provide invaluable information on what products consumers are looking at. Buying cookie-based advertising accounts for 43% of marketers with this figure likely to drop due to the cookies restrictions under the ePrivacy Regulation. Ultimately, the ePrivacy Regulation provides individuals more choice as to specific cookie preferences through the requirement for consent.
The digital era has impacted profoundly on how people communicate with each other. Statistics show that communicating via app-based software such as Facebook, Messenger and WhatsApp have increased dramatically over the past five years. The EU via the ePrivacy Regulation will put the same stringent requirements and standards of care as those placed upon the giant telecommunication providers. As a result, any data collected via these apps including telephone numbers, location information, IP addresses, require the exact level of protection as afforded by the conglomerates, including obtaining consent to retain data no longer needed. Without consent, data is deleted or anonymized.
Technological advances are on the rise with AI machine learning and communications collecting, storing and sharing valuable information. Therefore, it is crucial to ensure the safekeeping of that data and ensure compliance with regulations.
The multidisciplinary approach imposed by the European ePrivacy Regulation will greatly address the growing risk of cybercrime. The ePrivacy regulation stipulates that organisations must ensure their systems are secure, utilizing preventative and detective due diligence. Thereby, they build trust with their users and set a benchmark that serves as a competitive advantage.
Businesses that have not already done so, should immediately implement an internal ePrivacy compliant communications policy. They must also include ongoing monitoring to improve internal functions. And also processes to ensure enhanced legal compliance with the EU ePrivacy Regulation. The policy should include actionable procedures across the board in the event of a cyber attack.
There are considerable benefits in data analysis, data collection and data sharing. Data is gold to marketers. GDPR and ePrivacy Regulation are the brakes to prevent the careless and illegal treatment of this precious resource. Compliance may appear elusive. But, burying one’s head in the sand will only damage an organisation, both its reputation and its finances. However, the real danger is risking the privacy of individuals, which every organisation will avoid.
Organisations must ensure that they perform a PECR audit, update all their policies and implement a GDPR & PECR Compliant Cookie Consent Management Solution to ensure that they comply with the ePrivacy Regulation.