May 25, a date circled in red on most marketers’ 2018 calendars, has come and gone. The European Union’s General Data Protection Regulation (GDPR) is now in effect, and all companies that handle the data of EU citizens are operating in a new reality.
But now is not the time to get comfortable with a new status quo. Not only will the implications of the GDPR (and what it means to be compliant) continue to unfold, but companies must also begin to prepare for new restrictions in the form of the EU ePrivacy Regulation.
What Is the ePrivacy Regulation?
The ePrivacy Regulation is designed to work in tandem with the GDPR. It focuses on storing and accessing data on a user’s device and, in particular, zeroes in on the areas of unsolicited marketing, cookies, and confidentiality. Here are some of the key facets:
Territorial Scope: Like the GDPR, the effects of the ePrivacy Regulation will be felt worldwide, so long as the end-users of electronic communications services are in the EU.
Cookies: Cookies will now be tracked within software and browser settings that the user elects, and an option must be available to users to prevent third parties from storing information on the end-user’s terminal equipment, or processing such information. This is intended to eliminate the banner pop-ups that appear requesting consent for cookies usage on each individual website.
Confidentiality: The ePrivacy Regulation will broaden its scope to include online communications providers, such as Gmail, Skype, and Facebook Messenger to guarantee their confidentiality measures.
Consent: The ePrivacy Regulation would increase the flexibility of the GDPR’s definition of consent by allowing consent to be obtained through the technical settings of a software application enabling access to the internet. For example, if an end-user sets their web browser options to accept cookies, consent may be presumed.
Unsolicited Marketing: The consent obtained above is the basis for sending direct marketing communications to end-users. Direct marketing messages must indicate the marketing nature of the communications and indicate the entity on whose behalf the message is sent.
What Could This Mean for Online Advertising?
While the scope of the ePrivacy Regulation is broader than the current directive, it does seek to bring some much-needed consistency to the privacy landscape and help make better sense of certain elements of the GDPR. However, new restrictions around cookies, targeting, and unsolicited marketing messages could be of concern to the online advertising industry. According to two independentassessments from German industry organizations, the ePrivacy Regulation could result in online advertising sales losses of 30% or more, largely due to the loss of targeting capabilities.
Of course, it’s hard at this juncture to know what the real financial impact of the regulation would be. There’s a good chance that ad budgets would remain consistent and simply shift to outlets where targeting on an opt-in basis is still robust. This could favor the largest of the U.S. online platforms. After all, given the size and scope of these properties, the likelihood of users opting into their requests to proceed with certain data collection and usage is far more likely than users opting into requests from properties that they visit more sporadically.
OK, So What’s the Status?
The European Commission must still determine its final revisions to the currently proposed ePrivacy Regulation. Given the extensive process required by the EU before the regulation would go live, it is unknown whether the ePrivacy Regulation will come into effect within the coming year.
But make no mistake: It is coming. And like the GDPR before it, it will bring a wave of new restrictions with it that will be felt by marketers across the globe. Lest marketers be caught flat-footed, now is the time to understand the potential implications of this new regulation, and what it means for your advertising efforts.