Did you think the ePrivacy Regulation was dead? Think again

Share This Post

Back in the months leading upto GDPRmaggedon there was talk of a new ePrivacy Regulation that would replace PECR in the UK and streamline cookie and electronic marketing rules (along with some other stuff) and that this would come into force at the same time of GDPR, making a tidy transition to a new GDPR and ePrivacy regime across the EU. It was accompanied with rumours of significant changes to cookie controls for end-users as well as the end of B2B marketing without consent.

But the new ePrivacy regulation never happened, just GDPR came into force in May 2018 and since the initial proposal published in 2017, the regulation has had it’s ups and downs in terms of progress with lots of speculation it would appear in 2019, maybe 2020, maybe not at all. The problem appears to have been different presidencies of the EU having different views on its importance, but in October 2019 the Finnish Presidency published some updates and amendments to the Regulation, so it would appear it’s back from the dead.

In a general sense the key (interesting) changes appear to be:

  • Users can’t be forced to accept cookies to access content (so called “cookie walls”)
  • Reaffirmation that you need to provide cookie information and collect consent accordingly (as per the UK’s cookie guidance)
  • Opt-in consent is needed for direct marketing, unless it’s for marketing similar products/services to someone who an organisation already has a business relationship with (i.e. they’ve bought something, so you can continue to market to them without consent). What’s still not clear, although the indications are hopeful, is what will happen with B2B marketing, with some suggesting it could stay as it is now, i.e. left to member states to decide

So, back from the dead. It would seem we may well see a new ePrivacy regulation on the horizon at some point and the two key areas of consent re: cookies and digital marketing will be covered, but to what extent remains to be seen.

But before you start getting excited, the current drafting has to go through the usual EU trilogue negotiations (Council, Commission, Parliament) probably in 2020, and if the new regulation is approved it is likely to have a 2 year implementation period (just as GDPR did), so it’s not likely to take affect until 2022 at the earliest. And from a UK perspective there’s the small matter of Brexit – if we leave the EU before it’s agreed or before it comes into force, we’ll need to see how the UK government plans to implement (if at all), although I very much see it as a key part of the ICO’s work and tied into GDPR so much that it’s unlikely the UK won’t implement most, if not all of it.

More To Explore

Eat. Sleep. GDPR. Repeat.

We live and breathe GDPR and ePrivacy compliance, so you don’t have too. Our GDPR UNLIMITED helpline is all about offering you help and support, whenever you need it most. As well as the unlimited helpline, you get up to 4 hours “hands-on” help each month, which we can configure to help you in anyway you need such as a GDPR review, or acting as your DPO.

As well as the unlimited helpline and hands-on help you get GDPR and privacy updates, access to our GDPR knowledge centre and webinars.

Unlimited email & phone support

Unlimited email and phone support. Email or organise a voice call as often as you need each month.​

Up to 4 hours "hands-on" help per month

We use these "hands-on" hours to do the GDPR work for you, such as reviews, acting as your DPO, checking DPIA, dealing with breaches, training your staff, etc. (Additional hours: £100+VAT per hour)

Online resources

Our Knowledge Centre gives you access to information, guidance, topic related guides and other tools to support your GDPR and PECR compliance

Updates, alerts & briefings

We provide updates and alerts and a monthly compliance briefing. You can either sign into the Knowledge Centre or sign up via email to receive an email every time we add a new update or alert

DPO services

Whether mandated or not we can act as your Data Protection Officer (DPO) and manage your day to day compliance

Webinars, workshops & training

Whether updates on the latest issue, workshops or team training, it's all included in your monthly retainer.

LIKE WHAT YOU'RE READING? join our email list

Sign up for monthly briefings and the occasional emails about our webinars and services

Want to know more about how we use your data? Check out our privacy policy