ePrivacy Regulation (ePR)… Are you nodding sagely, raising your eyes to the ceiling, or feeling nonplussed? Is the follow up to the four letter word that is GDPR even on your horizon? If you’re a digital marketer… it needs to be.
What is ePrivacy Regulation (ePR)?
Put simply, ePR is the next bit of EU legislation covering data law. Its focus – the hint is in the name – is the privacy of individuals with specific respect to electronic communications. It was originally intended to ‘launch’ in tandem with GDPR in May last year, but in truth it’s far from ready and quite a bit of discussion still needs to take place in dusty corridors before it is.
Is it just GDPR in another name?
No, is the short answer; they’re more like siblings. They’re both aiming to align data privacy laws across all EU countries. And both refer to the protection of personal data of individuals within the EU. So if you do business with someone in the EU, regardless of whether you’re actually in the EU or not… they apply. And the system for fines and penalties are the same.
However, ePR is really trying to plug the gaps GDPR leaves, and that therefore produces some subtle, but important differences. For example, where GDPR focuses on the protection and handling of personal data, ePR refers explicitly to a more generic catchall regarding the privacy of individuals with respect to the confidentiality of electronic communications.
For example, with respect to direct marketing, the current drafting suggests that individuals can only be sent messages and information if they have given consent. Nothing new there, you say. But GDPR states that a user’s data can be used where they will have a legitimate interest in the content. Ie. a genuine interest or need. So it looks as though ePR might limit things a bit further. However, from our perspective, it’s the fact that the draft wording doesn’t differentiate between B2C and B2B contact that bothers us most. And we believe that’s something that needs clarifying.
Since GDPR ‘went live’, it won’t have been lost on you just how many cookie notices you have to click to accept now; and they’re not straightforward any more, are they? Well, ePR is looking to tackle this, and that’s a welcome initiative for all of us. The draft regulations are inferring that banner pop-ups will not be allowed and instead cookie acceptance will be set at a browser level. That will give a user the ability to change their settings to suit their tastes and needs generically. It will, however, undoubtedly have an impact on some of the bolt-on data-gathering that goes on behind the scenes. And this, in turn, will have an impact on the B2B digital marketer, because it’s not really possible to differentiate between B2C or B2B here. Again, we will have to watch this space.
So what’s actually going on re data and marketing?
The DMA (Digital Marketing Association) does have some very specific concerns regarding the lack of focus on these two important aspects, particularly with respect to B2B. The apparent requirement for GDPR level consent to be obtained for electronic contact being a key issue.
Originally, ePR was going to require marketers to remind people at least every six months that they can withdraw their consent. That then was ‘relaxed’ to every twelve months. But what next reared its head, was that regardless of whether it’s six or twelve months the product life-cycle was being overlooked. If you sell a service that lasts three years, the reminder you want to send six months ahead of renewal would be outside permitted limits if you haven’t gained consent.
But, all is not lost. With the right people having made enough noise recently, it appears that ePR administrators are listening(ish). Amendments have been made to suggest that member states can decide individually if there is a time limit or not. That flies in the face of what ePR is trying to achieve, of course – the alignment of data practices – but it’s a welcome step forward from our perspective. Let’s see if it makes the final cut, who knows…
A last word
It does appear that ePR is going to make the B2B marketer’s life a bit harder. The current favoured route of devolving some of the decisions to each member state will help… in some ways, but only if you deal solely within one country. Crossing borders could get confusing and expose businesses to the risk of making mistakes. We’d suggest, therefore, that as with all regulatory change on the horizon, it’s worth making a noise about your concerns. Contact the DMA, put your case forward, and make sure you’re heard. There’s going to be a fair amount of upheaval in the months to come, whatever, so go rock the boat any way you think will work.