What a huge day yesterday was for Europe -- or at least the UK's relationship with the EU, which it has emphasized that it will be leaving without any attempt to remain in a Single Market. That was
the intention laid out for the first time Tuesday by Theresa May when she underlined how she wasn't talking in riddles before, Brexit really does mean Brexit. It was a big announcement for all
marketers, but developments at the DMA and the ICO meant the day was particularly dominated by Europe for email marketers.
First off, we have the DMA. Now, I mentioned the other day that I
thought their relief at the new ePrivacy Directive draft was a little premature, given their previous opposition to revising rules around sharing data and updating consent terminology for direct
marketing. The trade body had expressed relief that -- in their eyes at least -- the new wording looked to maintain the established practice of b2b email marketing being a little short of detail on
permissioning. They have always clung to a position that "legitimate interest" means a business can email another corporate inbox on what is, compared to a b2c campaign, a pretty flimsy pretext.
Ironically, after telling me that GDPR and the proposed ePrivacy Directive are different beasts, one of the association's big concerns is over the wording of the prospective law being
virtually identical to GDPR -- namely, that people need to give explicit consent and then be reminded what they have signed up for at regular intervals, with an opportunity to review those
settings.
Now, the proposed law suggests this should happen every six months. The DMA says more clarification is needed. The ICO also joined in the called-for clarification yesterday as it
produced guidelines for preparing for GDPR. It also says
more clarification is needed around explicit consent and consent -- namely, what is the difference?
I would humbly submit that both pieces of legislation are clear in sprit -- if not the
actual letter -- of the law. Explicit consent is exactly that. It's not assumed, it's freely given and recorded and outlines the scope and the implications of that consent. It's not the kind of
"consent" we give to cookies by clicking "okay" so we can read a news story, and it's not as assumption that because one part of an organisation has my email address another division can used it for a
completely different purpose.
With the ePrivacy Directive, a reminder of your permissions could be an email from a brand reminding a consumer what they have signed up for and it could well be
a message when opening a browser that you may want to review your cookie consent settings -- not really all that much to get alarmed about.
If yesterday was about anything, it was kind of all
about telling us what we already knew. Theresa May really is taking us completely out of the EU and the Single Market, when she said "Brexit means Brexit" she really did mean it. And while the DMA
questions the proposed ePrivacy Directive's wording and the ICO pondered what is meant by "explicit" consent, we can all assume there has been a step change which the Information Commissioner rightly
referred to as a game changer last
night.
None of this is new. The UK was leaving the EU since June, and the EU has been insisting that consent to marketing becomes explicit and freely given, with a right to review those
decisions at a later date.