The E-Privacy Regulation – What It Means For Your Business

27 April 2018

While the European business community awaits and adapts to the upcoming GDPR legislation, the EU e-Privacy changes have not garnered the same level of attention. Although the new rules are not yet in force, it is essential that companies start to take on board what the changes will mean, and how they will be required to protect customer information.

Our short guide explains the key points that the e-Privacy Regulation will focus on.

What Is E-Privacy?

The new e-Privacy Regulation is currently being finalised and is intended to work alongside the GDPR legislation that is being introduced on the 25th of May 2018. The aim is to replace the now outdated e-Privacy directive that was previously implemented in 2011.

Once it does become law, the regulation will apply to all businesses that operate in the EU, and as such, it is a piece of legislation that all European companies need to be aware of. It will align online privacy rules across EU member states, and address outstanding issues surrounding the use of
electronic communications with user consent, cookies, and confidentiality.

Consent

In recent years, electronic communications have advanced to include various messaging and voice apps like WhatsApp, Telegram, and Facebook Messenger, rather than just email communication.
The new regulation aims to provide a more unified approach to the issues of privacy across numerous online channels, bringing them into line with the same level of consent required by offline communications providers such as telecoms operators.

Marketers will not be able to send texts, emails, or messages without permission from the account holders, and all unsolicited communications will be banned. In addition, messaging services will have to provide a more transparent consent process when users download the apps, while also
safeguarding the content of all the messages they handle.

Cookies

The rules covering the use of cookies will be simplified – there will be an end to ‘cookie consent’ pop-ups that frustrate the user experience. Instead, each user will be able to set their own privacy options when installing a browser and avoid the constant need to authorise cookies when surfing
the web.

No consent will be needed for non-privacy-intrusive cookies that actually help improve the internet experience e.g. remembering previous shopping orders to save time, or cookies that record the number of website visitors.

Confidentiality

Providers of all forms of electronic communications will have to secure the communication features they provide and will have a responsibility to stay updated with the latest safety features to ensure that confidentiality continues to be protected.

The e-Privacy regulation makes it necessary for metadata to be secured in the same way as the content of any messages or calls that are made. Privacy should be guaranteed and it must be impossible for third parties to track or monitor where or when a communication is made. Any interception of electronic communications is also prohibited unless it is required by an EU law enforcement agency.

With the exception of metadata that is needed for billing reasons, all metadata should be anonymised or deleted unless users give their permission for the service provider to keep it.