What Does the ePrivacy Regulation Mean for Digital Marketing?
Just as marketers learn to survive in a post-GDPR world, the deadline for the ePrivacy Regulation — the successor to the ePrivacy Directive (also known as “The Cookie Law”) — inches closer.
Stated for a release in 2019, the impending ePrivacy Regulation, like the GDPR, is applicable to any business targeting EU customers… Which means pretty much ALL of us need to comply!
And just as in the prelude to the GDPR, lawmakers and lobbyists are taking on each other with explosive charges, open letters, and movies hinting at how the world will become an app-wasteland post its implementation.
So what is the ePrivacy Regulation all about? And why do we need it when we already have a stringent GDPR in place? And what the heck does it mean for marketers like us?
Let’s find out.
“The GDPR is Not Enough… ”
… Says Ms. Birgit Sippel, a European Parliamentarian and drafter of the ePrivacy Legislation — and the lead negotiator for the ePrivacy Regulation.
Many other lawmakers also echo the same belief that while the GDPR is a strong regulation concerning data protection; ensuring data privacy — which is the key premise of the ePrivacy Regulation — needs more specifics.
Jan Philipp Albrecht, a German Parliamentarian (who was the lead negotiator on the GDPR), puts this really nicely. He explains that the GDPR sets the “global standard for protecting personal data,” and that ePrivacy is the “missing brick in this wall.”
The ePrivacy Regulation is, in fact, the “lex specialis” to the GDPR, as even the proposal states:
“This proposal is lex specialis to the GDPR and will particularise and complement it as regards electronic communications data that qualify as personal data. All matters concerning the processing of personal data not specifically addressed by the proposal are covered by the GDPR.” — The ePrivacy Regulation proposal
Originally meant to release on the same day as the GRPR, this lex specialis to the GDPR addresses a few specific subject matters covered by the GDPR. For marketers like us, the most important of these specifics are communications and cookies.
Let’s take a look.
Communications & Cookies Under the ePrivacy Regulation
The ePrivacy Regulation aims to protect data confidentiality over a wide range of electronic communications.
Originally, the ePrivacy Legislation focused mainly on the email and SMS channels. The upcoming regulation, however, expands its ambit to cover newer communication services such as WhatsApp, Facebook Messenger, Skype, Gmail, iMessage, etc. And also IoT devices and countertop terminals among others.
So if you ever have a user raising a concern about why they got a message from you on their Facebook Messenger app, you’ll have to look at the ePrivacy Legislation. And not the GDPR as the ePrivacy Regulation offers more specific rules on communications.
Also, along with the actual content of the communications, the revised ePrivacy Regulation will also need you to anonymize and delete any related metadata as well, if the users haven’t consented to its use or processing.
“Both content and metadata will need to be anonymised or deleted if users have not given their consent, unless the data is required for instance for billing purposes.” — The Presentation of the ePrivacy Regulation
Other than ensuring communications’ confidentiality, the upcoming ePrivacy Regulation also targets how companies use cookies to collect and track data for behavioral analysis. It needs you to seek explicit consent from your users before installing any cookies on their browsers.
So for instance, if you run experiments on your website or offer personalized web experiences, then you’re going to need some cookies. But with the ePrivacy Regulation in place, you’ll have to explain the cookies you use and seek explicit consent before installing them on your users’ browser.
As you can imagine, this can result in a lot of consent fatigue.
The solution?
Choosing non-intrusive and privacy-friendly marketing solutions.
At Convert Experiences, for instance, where we build one of the most privacy-friendly A/B testing software, we only use first-party performance cookies that don’t collect any personally identifiable information about website visitors.
All the information our cookies collect is aggregated and anonymous.
The ePrivacy Regulation doesn’t even need you to seek explicit consent for using such cookies on your users’ browsers (as these cookies can be listed and explained in your Privacy Policy).
With such marketing solutions, you don’t just go in the direction of compliance, you also offer a better product experience to your users by eliminating consent fatigue.
Embracing Privacy by Design and Default
If there’s one thing the GDPR and the upcoming ePrivacy Regulation want from any business that collects, processes, uses, and manages data over any communication channel, then it’s this:
Privacy by design and privacy by default.
To make this possible, Sippel asks businesses to help consumers make informed choices about their data and privacy, even if they aren’t tech-savvy.
So whether it’s running your marketing campaigns or choosing your marketing tech stack, sticking to non-privacy intrusive means will work the best. You should also support these with explicit consent forms using the simplest possible explanations about the data you’re collecting or the consent you’re seeking.
Sure, complying with the ePrivacy Regulation will need work, but if you’re GDPR-compliant already — which you should be — you have a considerable head start.