As the year goes out, a new one is shaping up to be dominated by exactly the same issue -- privacy. Or more particularly, we should say, permissioning. In general news we have the defeat this morning for the Government on its "snoopers charter." According to the European Court of Justice, it is going totally over the top to ask ISPs and email providers to keep hold of every email that everyone in the UK sends over an entire year, just in case there is a clue that could subsequently be found to link two people suspected of involvement in terrorism. For email marketers, that is a side issue that will be played out in the courts. The big clarion cry from the DMA this week is that they intend to spend next year opposing a draft ePrivacy Directive. The organisation claims to have early sight of a draft copy of the proposed legislation, which widens the remit of opt-in email rules to b2b communication. Now, many people -- myself included -- would be forgiven for thinking that this is a race that has already been run. When GDPR becomes enforceable through massive fines in 18 months time, anyone using anyone else's data will need explicit, informed and freely given permission for the use it is being put to. That applies whether we are talking about b2c or b2b. The GDPR rules have famously been touted as the end of the goldfish bowl at conferences inviting attendees to win a bottle of champagne, and in so doing, be contacted for ever more by the company putting up the fizz as email bait. So I have to say I'm a little confused here. More will become clear when the EU releases the full draft of its proposed ePrivacy directive, but the point the DMA is making is that opt-in has been extended from persons to "legal persons," which extends the law from us human beings to the companies we work for. My confusion is that I was presuming this was the position outlined by GDPR when it comes to handling and processing data. Thus, when it comes to opt-in or opt-out, we're pretty much there already and the ePrivacy Directive will simply confirm that is the case. In other words, an email address that is clearly a corporate inbox, such as jane@company.com, is currently fair game, under PERC rules, and requires a specific opt-out to not be contacted. However, jane@gmail.com would require an opt-in because it's clearly personal. This is being overruled by GDPR that requires all email addresses to be specifically opted in. It's already the law, but the fines that give it teeth don't come in to effect until May 2018. The new ePrivacy Directive will simply be the icing on a cake that has already been baked. Won't it? The law has moved on and while regulations and spam filters have helped to clear up personal inboxes, anyone who logs on to their corporate account will know there can be a lot of cold-call type emails and the same goes for real calls on the telephone. This is what lawmakers are trying to move us away from, and when it comes to cold email marketing, I can't see it being too much of a problem that a person's work email is given as much protection as their private address. Can you?