- 20 December 2019
Amidst the hype of the GDPR in 2018, one other area of data protection reform progressed relatively under the radar – the ePrivacy Regulation. Surprising given the potential impact this could have on an organisations’ marketing practices.
Currently, in the UK, the Privacy and Electronic Communications Regulations 2003 (“PECR”) is in force, which sets out further data protection obligations, specifically aimed at electronic communications. It regulates areas such as electronic marketing and the use of internet cookies.
This is set to be replaced with the ePrivacy Regulation, a piece of EU legislation designed to run alongside the GDPR and harmonise practices across member states.
The ePrivacy Regulation was due to come into force at the same time as the GDPR. However, it is a complex area of law prompting much debate and, as such, the wording for the Regulation has still not been approved. A revised draft has been put forward recently, but it seems highly unlikely that anything will be agreed until 2020 now.
Why should I care?
The exact impact of the ePrivacy Regulation cannot be predicted at this stage as the legislation has undergone many changes and wording has still not been agreed. However, we know that it could well have significant implications for organisations around areas like B2B marketing and internet cookies and so it’s important for organisations to be alert to potential changes.
The end of B2B Marketing as we know it?
The PECR places restrictions on an organisations ability to send marketing communications electronically without the recipient’s consent. However, there are two generally recognised exemptions to this:
- Where the recipient is an existing customer and the email relates to similar services (known as the ‘soft opt in’) and
- Where communications are being sent to a business, other than a business operated by sole traders and/or partnerships, even if a personal work email is used such as email@example.com and not a generic one like firstname.lastname@example.org
In both cases, an opt out must be clearly in place from the very first communication.
Changes being proposed in the ePrivacy Regulation include placing a time-limit on soft opt ins and potentially removing the B2B exemption altogether.
Many organisations in 2018 decided to continue with their marketing practices for B2B contacts in light of the exemption (and relying on ‘legitimate interests’ to avoid falling foul of the GDPR) but, such organisations may need to revisit their approach if this latter change makes it through to the final text for the ePrivacy Regulation!
One thing’s for sure, if these changes come in, our work inboxes will start to see the raft of consent emails that our personal ones saw in 2018 – collective sigh!
The introduction of the ePrivacy regulation could see stricter confidentiality requirements around monitoring of electronical communications.
The e-privacy directive prohibits monitoring of electronic communications and metadata. However, the prohibition currently in place does not sufficiently cover electronic communications services that are made over the internet and/or devices that use the internet to communicate.
Changes may include the requirement that any monitoring of electronic communication of any kind will be prohibited. This includes sms, WhatsApp, email and instant messaging applications. There are proposed exemptions to this, for example where monitoring is needed to prevent security risk and attacks “in the transmission of electronic communications”.
Tighter controls on public directories
Currently you need to inform individuals that you are going to include them in the directory, you also need to give them the chance to opt out before including them and you need to gain their explicit consent if you were to include them for reverse searches. The consent to include an individual in a public directory is quite soft.
Changes include ensuring that communication services (such as BT (which includes EE), Talk Talk, Vodafone, Virgin Media and Telefonica) are under a duty to implement measures to limit unwanted, malicious or nuisance calls. Public directories (such as Yellow Pages, Thomson Local, Yelp and Yalwa) must obtain explicit consent from the end user before they publish any personal data in the directory.
The ePrivacy Regulation was due to come into force at the same time as the GDPR.
Doesn’t Brexit mean the ePrivacy Regulation won’t apply to the UK?
To some extent, this depends on whether the UK leave with, or without, a deal.
If the UK leaves without a deal then the UK will not be bound by the new Regulation. If the EU leaves with a deal then it’s likely that EU law will continue to apply for any transition period and could become law in the UK.
However, regardless, the UK may well want to adopt the new requirements in any event to assist with it being given an adequacy decision by the EU (making data transfer from and to the UK easier). Also, businesses that deal with EU based counties will likely need to comply as EU countries may well request this and have more complex sharing arrangements as a result.
When will this come into force?
It is unlikely that the draft legislation will be agreed until 2020 and, then, it seems likely that it would have a transition period, like there was with the GDPR, before it comes into force.
As the draft text may change substantially there seems little point in businesses adapting their processes yet but it is good to be aware of the legislation and to start considering how this may impact any current or future projects.
Click here to contact Clarkslegal’s Data Protection team.
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.
Read, listen and watch our latest insights
- 08 December 2023
UK Hospitality – Right to Work
The UK’s hospitality sector is strongly impacted by immigration rules and policies post-Brexit.
- 04 December 2023
- Commercial Real Estate
Real Estate update and 2024 expectations
The ECC confers rights on code operators to install and maintain electronic communications apparatus on public land, and even grants operators the right to sometimes apply to court for an order allowing them to install and maintain such apparatus on private land.
- 29 November 2023
How will the Autumn Statement 2023 affect the Construction Industry?
On 22 November 2023 Parliament was presented with the Chancellor’s Autumn Statement.
- 29 November 2023
- Public Procurement
Public Procurement Annual Update 2023
Watch Clarkslegal’s Public Procurement team as they provide you with the essential information businesses involved in public tenders need to know.
- 28 November 2023
The risk of insolvency with equal pay claims: how can you avoid them?
Even though the law states that everyone should be paid equally for work of comparable value, this does not always happen in practice.
- 21 November 2023
- Privacy and Data Protection
Privacy matters: How the 8 data subject rights protect personal data
In this guide we explore the 8 data subject rights under the UK GDPR and discover how they play a vital role in preserving your organisation’s privacy standards in an increasingly interconnected world.