The new EU ePrivacy Regulations (ePr)

EU ePrivacy Regulations, Data ProtectionWhilst we have all been busy implementing changes to comply with the new GDPR regulations another set of data protection regulations is making its way through the European Parliament, the new EU ePrivacy Regulations.

The latest regulations are an update on the current Privacy and Electronic Regulations (PECR) 2003 which governs how we do direct marketing and cookies. It will also come under the purview of the Information Commissioners Office (ICO).

These regulations started their journey through the European Parliament in Jan 2017 and were due to become law at the same time as the GDPR, however there is still debate going on around some of the suggested changes within the regulations.

The new regulations are all about the right to confidentiality.  It covers spam, direct marketing, telecommunication firms, mobile app developers, online advertising networks and, often overlooked, the IoT (Internet  of Things).

As it is a regulation, much like GDPR it is self-executing and becomes legally binding across the EU, whereas its predecessor, the ePrivacy Directive, required local regulations for implementation.

The main focus of the new regulations is cookies and the average website has 28.9 cookies. Consent for non-privacy intrusive cookies which improve the Internet experience of the user may no longer be required, nor for remembering shopping cart history.EU ePrivacy Regulations

HOWEVER, the current proposal says that browser settings will enable website visitors to accept – or refuse – cookies, as well as other ‘identifiers’.  A name is the most common means of identifying someone but this could also be an IP address.  If they have refused this option then this could prohibit them from visiting your site. This should all become clear (or not) once the wording in the regulations is finalised.

Non-compliance of these regulations will come with the same fines as the GDPR, 4% of worldwide turnover or £17m. These are high fines, little margin for error in a very a difficult context.

In other areas of direct marketing, callers will need to show their phone numbers or use a prefix which indicates the call is a marketing call.

There is currently no date set for the implementation of these new regulations however early 2019 is currently being talked about as implementation date.