PART 2 - The New e-Privacy Regulation: The New Rules

The world of data privacy is becoming messier to navigate. Companies have spent the last few years implementing important changes to ensure they are compliant with the General Data Protection Regulation (GDPR). However, while all of this has been going on, EU officials have been busy planning the next big change. At the moment, it is difficult to go into detail on the new rules since the possible amendments are heavily caveated.

So far, in general, the new Cookies Legislation would apply to any business providing any form of online communication service, using any online tracking technology, or engaging in any electronic direct marketing. This means that it would apply to players such as Skype and would ensure the same level of confidentiality across operators.

In our first part of this two-part article, we looked at the timeline that overviews the history and debate around the so-called new “Cookies Legislation”. But what exactly are the new rules to be, and what do businesses need to do?

Overview

Data, generally, must always remain confidential and any interference with the communication of that data, either by a human or through an automated process, is prohibited. Metadata- time and location data- has a high privacy content and should be anonymised or deleted if the users did not give their consent, unless the data is needed for billing.

It should be easier for browser settings to have a blanket refusal to tracking cookies and other identifiers. Users must be given the option of setting higher level cookie policies and clear, affirmative action from a user is required to accept a cookie. 

Unsolicited communication through email, SMS, instant messaging and so on- commonly known as spam- is banned. 

The Latest View

Whilst a commitment to uniform privacy and confidentiality is commendable, there are still worries that issues around the Regulation remain unresolved. The European Telecommunications Network Operators’ Association has suggested that there is a lack of articulation between the proposed Regulation and the existing GDPR, a lack of a level playing field for all digital players and a lack of coherent protection for citizens. As well as this, there are worries that the Regulation would not stand the test of time in the future and could not keep up with the digital age. 

It is suggested that in an attempt to lessen the regulatory burden, by artificially carving out certain service providers from the scope of the Regulation even if they process the same communications data, fails to level the playing field and does not provide sufficient protection to citizens. 

What does this mean for you? 

At this moment, the new Regulation represents the last piece to a connected EU framework for data processing and electronic communications. However, there is still uncertainty and it seems unlikely that discussions will end before 2019. 

  • For now: while the Regulation is not finished yet, it is useful to consider its most up to date version if you are carrying out a long-term project.

  • Any organisation carrying out a new Internet of Things development or creating a new website might want to review their procedures, to avoid having to make significant changes in the months (or, more years!) to come.

  • Why not check out our recent collaboration with Kabo Creative on how you can ensure your website cookies comply with the current guidance from EU Regulators?

In terms of a more definitive framework, for now, we wait. In the meantime, if you have any questions about the Regulation, or any other e-Privacy matters, please don’t hesitate to get in touch!

Article by Lily Morrison @ Gerrish Legal, November 2019

Previous
Previous

Is your use of Facebook “Like” plugins lawful?

Next
Next

PART 1 - The New e-Privacy Regulation: A Timeline So Far