For those of you who are still getting to grips with the complicated rules of GDPR, we’ve got some bad news… the new ePrivacy Regulation is due to come into force during 2019, and is part two of the reform of the EU data protection framework. These 2 new regulations combined really means that businesses must get their data protection practices in order across the board and achieve full compliance as soon as they can.
The ePrivacy Regulation replaces the ePrivacy Directive which, similarly to GDPR, will apply in the same way across all EU Member States. As this is a Regulation, EU Member States have no discretion to make any changes which may be helpful for their own country’s laws. As with anything currently coming down the pipe from the EU, Brexit’s shadow looms tall – you can stay up to date on the Brexit latest by following our Brexit Impact Series.
What does the Regulation cover?
The Regulation is currently still being reviewed in Brussels, but the key points are as follows. The ePrivacy Regulation deals with cookies, as well as all forms of electronic communication (including web, internet, telephone and instant messaging) and the right of confidentiality and data privacy. In particular, the Regulation will require that any form of advertising requires end-user consent. Although this sounds similar in some aspects to GDPR there are some key differences with ePrivacy of which you should be aware.
Where do we stand with the Regulation at the moment?
The Direct Marketing Association (DMA), the Federation of European Direct Marketing Associations (FEDMA) and over 70 organisations within Europe are asking the European legislators to look again at the Regulation to fully consider the implications on business across the EU. In particular, concerns relate to:
- Defining direct marketing and automated calling systems
- Clarifying the rules around communications that are business-to-business
- Clarifying the rules around communications from charities
- Providing sufficient flexibility to allow companies to communicate with their existing customers
The main concern for businesses seems to be ensuring an appropriate balance is struck between protecting the privacy of EU individuals, but also allowing businesses to grow and develop across the EU. If businesses can no longer access customers to market their products, how can they continue to sell, and therefore grow?
What will happen next?
Of course, we always have to bear in mind that the UK will leave the EU very soon. Over the last few weeks the UK government have released a number of impact notices which provide guidance for businesses in the event of ‘No Deal’ for next year’s Brexit.
Whether or not the UK and the EU manage to negotiate a deal, whether there is a transition period, or whether we enter the world of ‘no deal’ come March 2019, it is highly likely that UK businesses will still be required to comply with EU data privacy rules in order to continue to do business within the EU. As a result, UK businesses are advised to continue to monitor the progress of the ePrivacy Regulation and, once we have more clarity on the rules and timescales, set resource aside to ensure compliance.
Please get in touch with a member of the LawBite team if you would like more information on the implications of the ePrivacy Regulation for your business. To consult with the author of this article, LawBrief lawyer Barbara Jamieson, please submit an enquiry for a free 15-minute consultation or call our friendly Client Care Team on 020 7148 1066.