Amidst the hype of the GDPR in 2018, one other area of data protection reform progressed relatively under the radar – the ePrivacy Regulation. Surprising given the potential impact this could have on an organisations’ marketing practices.
Why should I care?
The exact impact of the ePrivacy Regulation cannot be predicted at this stage as the legislation has undergone many changes and wording has still not been agreed. However, we know that it could well have significant implications for organisations around areas like B2B marketing and internet cookies and so it’s important for organisations to be alert to potential changes.
The end of B2B Marketing as we know it?
The PECR places restrictions on an organisations ability to send marketing communications electronically without the recipient’s consent. However, there are two generally recognised exemptions to this:
- Where the recipient is an existing customer and the email relates to similar services (known as the ‘soft opt in’) and
- Where communications are being sent to a business, other than a business operated by sole traders and/or partnerships, even if a personal work email is used such as sreyes@clarkslegal.com and not a generic one like info@clarkslegal.com
In both cases, an opt out must be clearly in place from the very first communication.
Changes being proposed in the ePrivacy Regulation include placing a time-limit on soft opt ins and potentially removing the B2B exemption altogether.
Many organisations in 2018 decided to continue with their marketing practices for B2B contacts in light of the exemption (and relying on ‘legitimate interests’ to avoid falling foul of the GDPR) but, such organisations may need to revisit their approach if this latter change makes it through to the final text for the ePrivacy Regulation!
One thing’s for sure, if these changes come in, our work inboxes will start to see the raft of consent emails that our personal ones saw in 2018 – collective sigh!
Confidentiality
The introduction of the ePrivacy regulation could see stricter confidentiality requirements around monitoring of electronical communications.
The e-privacy directive prohibits monitoring of electronic communications and metadata. However, the prohibition currently in place does not sufficiently cover electronic communications services that are made over the internet and/or devices that use the internet to communicate.
Changes may include the requirement that any monitoring of electronic communication of any kind will be prohibited. This includes sms, WhatsApp, email and instant messaging applications. There are proposed exemptions to this, for example where monitoring is needed to prevent security risk and attacks “in the transmission of electronic communications”.