If you are watching the Data Privacy space you will be very familiar with GDPR. Indeed, GDPR is dominating the headlines as firms eventually come around to understanding the far-reaching consequences introduced by the most significant update to data privacy in over 20 years.
However, GDPR is not the only change in the pipeline for the digital economy. The laws that govern internet-based services and the implications on personal privacy are moving at an equally rapid pace.
The Privacy and Electronic Communications Regulations (PECR) are the next piece of legislation slated for a significant update. PECR, sometimes known as the Cookie law, defines the rules on electronic communications. This includes such things as nuisance calls, cookies and the provision of internet and telecoms services.
The European Commission recently published its proposal for the new updated ePrivacy Regulation (ePR), to complement and extend GDPR. While this proposal is in its early stages, it signals what is likely to be another set of far-reaching changes. Clearly the details are likely to change as the authorities complete their work, but these changes are likely to be in the detail rather than the high-level objectives. There is a huge amount of work to be completed by the working party, as ePR is due to come into effect in May 2018 at the same time as GDPR. As a regulation, it will automatically become law within every EU member state and, as with GDPR, the UK government has already confirmed it will be implemented in the UK before we exit the EU.
The current draft includes some of the following headline changes:
- It removes separate security obligations, which will be covered under the GDPR, but requires customer notification of specific security risks.
- In terms of cookies and other online tracking devices, website cookie banners are dropped in favour of users’ browser settings. It also looks to address the usage and privacy issues caused by ad-blocking and Wi-Fi location tracking.
- The rules on marketing are tightened by requiring that all marketing to individuals by phone, text or email be based on a positive opt-in.
- The GDPR’s two-tier system of fines of up to €20 million, or 4% of worldwide turnover, for breaches of some parts of the Regulation is extended to include ePR.
- In addition to traditional telecoms and internet providers, ‘Over-the-top’ services such as Skype, Messenger and WhatsApp have been added to the regulation as have businesses providing customer Wi-Fi access.
- Similar to GDPR, ePR will apply to organisations based anywhere in the world if they provide services to residents of the EU.
If you are an advertising or marketing agency, an OTT provider, an online messaging service or if you provide free Wi-Fi to your customers, you need to be aware of, and preparing for, both GDPR and ePR.
If you need help understanding the implications or preparing for these regulations, contact us at the GDPRGuys.com. We are here to help minimise the disruption to your business and allow you to get on with “business as usual”.