First off, we have the DMA. Now, I mentioned the other day that I thought their relief at the new ePrivacy Directive draft was a little premature, given their previous opposition to revising rules around sharing data and updating consent terminology for direct marketing. The trade body had expressed relief that -- in their eyes at least -- the new wording looked to maintain the established practice of b2b email marketing being a little short of detail on permissioning. They have always clung to a position that "legitimate interest" means a business can email another corporate inbox on what is, compared to a b2c campaign, a pretty flimsy pretext.
Ironically, after telling me that GDPR and the proposed ePrivacy Directive are different beasts, one of the association's big concerns is over the wording of the prospective law being virtually identical to GDPR -- namely, that people need to give explicit consent and then be reminded what they have signed up for at regular intervals, with an opportunity to review those settings.
Now, the proposed law suggests this should happen every six months. The DMA says more clarification is needed. The ICO also joined in the called-for clarification yesterday as it produced guidelines for preparing for GDPR. It also says more clarification is needed around explicit consent and consent -- namely, what is the difference?
I would humbly submit that both pieces of legislation are clear in sprit -- if not the actual letter -- of the law. Explicit consent is exactly that. It's not assumed, it's freely given and recorded and outlines the scope and the implications of that consent. It's not the kind of "consent" we give to cookies by clicking "okay" so we can read a news story, and it's not as assumption that because one part of an organisation has my email address another division can used it for a completely different purpose.
With the ePrivacy Directive, a reminder of your permissions could be an email from a brand reminding a consumer what they have signed up for and it could well be a message when opening a browser that you may want to review your cookie consent settings -- not really all that much to get alarmed about.
If yesterday was about anything, it was kind of all about telling us what we already knew. Theresa May really is taking us completely out of the EU and the Single Market, when she said "Brexit means Brexit" she really did mean it. And while the DMA questions the proposed ePrivacy Directive's wording and the ICO pondered what is meant by "explicit" consent, we can all assume there has been a step change which the Information Commissioner rightly referred to as a game changer last night.
None of this is new. The UK was leaving the EU since June, and the EU has been insisting that consent to marketing becomes explicit and freely given, with a right to review those decisions at a later date.