What is the ePrivacy Regulation and how does it affect your business?

Everything you need to know about the EU ePrivacy.

September 25, 2019 –  The ePrivacy Regulation (ePR) is a proposal for greater regulation of electronic communications within the European Union, in order to increase privacy for individuals and entities. Its full name is “Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications).

In The Netherlands it will, when it comes to affect as part of European Law, replace the Telecommunicatiewet.

Data Privacy

The ePR will work in tandem with the General Data Protection Regulation (GDPR). The ePR will focus on the processing of personal data specifically through online and electronic devices and services, whereas the current GDPR focuses more on the protection of personal data. Online and electronic devices and services are for example: WhatsApp, Facebook Messenger, Skype, Gmail, iMessage and other providers of this type of communication services.

The regulation will contain stronger rules to make sure people and businesses in the EU will have the same level of protection of their electronic communications. The Communications content and metadata needs to be better protected such as the time and the location of a call. Metadata must be anonymised or deleted if users did not give their consent unless the data is needed for billing.

Cookies and Spam

The proposal is to have simpler rules on the use of cookies. The new rule will be more user-friendly, as browser settings will provide for an easy way to accept or refuse tracking cookies and other identifiers. The proposal also clarifies that no consent is needed for non-privacy-intrusive cookies improving internet experience or cookies used by a website to count the number of visitors.

In regard to spam, the proposal is to ban unsolicited electronic communications by emails, SMS, and automated calling machines. Depending on Dutch law, people will either be protected by default or be able to use a do-not-call list to avoid receiving marketing phone calls. Marketing callers will need to display their phone number or use a special prefix that indicates a marketing call.

What does it mean for your business?

The scope of the ePrivacy Regulation would apply to any business that provides any form of online communication service, uses online tracking technologies, or engages in electronic direct marketing.  It will impact all countries under EU or European law, including the United Kingdom at this time.

In terms of direct messages through social media services, users (e.g. clients or employees) will need to give full consent to receive any promotional material from your organisation (as they would via email) and there must be an option to unsubscribe or unfollow your page or group at any time.

Due to the proposed regulation, the expectations is that companies would turn away from the use of WhatsApp, Snapchat, and other social messaging services which many deem “inappropriate” for business use since they do not comply with data protection laws. Instead they will opt for internal messaging apps or email to ensure that they are data compliant. Other companies will wait for action from the messenger services such as WhatsApp and Snapchat in order to comply to the ePR.

Nonetheless, with this new e-privacy law, your organisation will need to ensure data is compliant or else could face a fine of up to EUR 20 million or 4% of the corporation’s annual revenue.

This regulation still needs to be agreed between the European Parliament and the Member States. Expectation is to reach an agreement by the end of 2019. Member States will have 2 years to implement the ePV in their legislation and will be 2021 to come into force in The Netherlands.

More News