ePrivacy – Another data protection regulation to comply with?



Roll the clocks back to 25th May 2018.

Many marketers were fearing the worst about the General Data Protection Regulation (GDPR) that was coming into force.

Cue a string of last-minute website changes, consent emails being sent, and records removed from databases.

A survey carried out in December by IT Governance discovered that only 29% of firms in the EU are fully GDPR compliant.

We might be about to deliver some bad news – there’s another data protection regulation you need to prepare for, set to put a spotlight on businesses, rather than the individual-focused GDPR.

ePrivacy will intensify the levels of consent needed to target individuals online, in an effort to provide greater transparency on personal data processes.

So how will this affect the world of digital marketing?

Clean up your marketing lists…including business emails!

If there was a link between two different services that you could exploit, the world of sales was your oyster.

Not anymore.

If we’re honest, GDPR didn’t live up to its hype of reducing the number of spam emails we get. The ePrivacy regulation aims to address this, with a ban on unsolicited communication through a range of channels.

In the wake of GDPR, many marketers looked to their databases to either confirm the source of their consent to process data on an individual or seek consent. The result was a huge drop in database sizes for the purposes of email marketing, and the ePR looks to extend the application of this further.

Namely, another batch of trying to gather opt-in’s, which if GDPR is anything to go by, could result in database sizes dwindling.

So what can you do now?

  • Learn the lessons that GDPR taught us. Get consent early! 


  • Create an engaging campaign that provides real value to your database of contacts, and prompt them to update their details


  • Do this, alongside making sure you have recorded their consent data and which version of your policies apply, and you’re protected.


  • Don’t worry about the inevitable few that will drop off. Chances are they would have unsubscribed anyway, or haven’t opened an email in the last few years.

Stay away from the cookies!

This is going to be a biggie for digital marketing, especially in the retail environment. Here’s the text from the impending legislation:

“Currently, the default settings for cookies are set in most current browsers to 'accept all cookies'. Therefore, providers of software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties from storing information on the terminal equipment; this is often presented as 'reject third-party cookies'."

What does that mean?

It’s essentially addressing the ‘consent fatigue’ everyone has. It seems impossible to visit a website without a pop-up asking you to opt into cookie tracking or simply a header panel that says you’re being tracked.

This has resulted in an interesting position being taken by the EU, whereby they have potentially taken cookie control much simpler, but much more difficult for digital marketers.

The ePR suggests that browsers, offer a blanket opt-in or opt-out on installation.

Granted, this would cut down on the number of requests received, but could also result in mass loss of data which could prove to be useful to individuals - such as saving items stored in shopping baskets.

However, the most likely scenario is that cookie consent and control will have to be made much simpler for online users, with a combination of clear language, simple explanation of cookies being used, and positive action needed for compliance.

So what can we do about it? Get ahead of the game.

List all of the reasons a user might want to have a cookie placed. That could be:

  • Saved shopping carts that they can come back to

  • A list of favourites being stored

  • Previously viewed items stored

  • More relevant ads (yes, this is a benefit)


  • Add these reasons to a custom cookie consent banner, that clearly communicates benefits and makes it simple for the user


  • Create a control centre

  • Using the same assets created for the banner, create a control centre that communicates benefits and gives users all of the options

All of these will make you more approachable and transparent as an organisation, helping potential customers trust you.

Get serious about policies

Chances are, you rely on external providers to carry out advertising and messaging.

(Facebook, Instagram, WhatsApp)

Each of those channels, in particular, have been at the forefront of advertising in recent years, as marketers move towards ‘conversational commerce’.

Now, as part of the ePR, the regulations surrounding those channels is about to change.

They essentially do the same job as your mobile phone, but outside of the standard network i.e. you can message and call people using them.

Network providers, have to make sure that your call data is anonymised or deleted as part of ePrivacy.

Here’s what it means for you:

  • You need to make sure that your policies are up to date and you have a copy of the channels’ policies should you need them.


  • The biggest takeaway here is that whilst you need to implement practical steps to remain compliant, such as cleaning your database, you also need to make sure your policies and formal documents are up to date, covering the requirements of the latest regulations. This will help protect you and demonstrate you have been responsible/aware of regulations should you be investigated.

For information on the Outsourced Data Protection Office services, or for help creating data protection policies for your business, get in touch on their website.

Visit the original article source - HQ The Association Magazine here.


Copyright © 2020 Meeting Escrow Inc. All rights reserved. Privacy Policy