DIGITAL
Urban Cookie Directive Steve Todd, Technical Director at Mashbo, looks at what the ePrivacy Regulation means for city region businesses. If you thought your data compliance worries were over with GDPR, chances are you - and your business - might not be familiar with the ePrivacy Regulation. Put simply, the ePrivacy Regulation is an EU law on personal privacy and data protection, which is due to be approved in 2019. Its purpose is to ensure “respect for private life, confidentiality of communications and the protection of personal data in the electronic communications sector” and will replace the current ePrivacy Directive. This directive is more commonly known as the ‘cookie law’ and is responsible for cookie consent pop ups on websites that we’re all familiar - if not completely fed up - with.
18
In many ways the regulation will be a stronger version of the ‘cookie law’. It will render the familiar “accept all cookies” banner unsatisfactory in terms of gaining consent. In some cases it will even override the GDPR with regards to electronic communications. Once the directive becomes regulation, it will automatically become legally binding in all EU nations. But what when will that happen and what will that mean practically for businesses in the UK? ePrivacy regulation: What do I need to do? The details of the proposed regulations are still being discussed by the EU Commission, EU Parliament and EU Council, there is no set date for the official regulation
text to be finalised and reactions and amendments will follow. At the very least, businesses need to be aware of upcoming changes so they can work to deadlines when they are set. Some advice suggests businesses - particularly those in the UK, where Brexit is looming - need not take action yet. However, it’s never too early to start creating a plan that will meet the expected requirements of the new regulation: • Prior consent must be obtained for the use of any ‘non essential’ cookies. These are cookies that do not support a site’s core functions, including (but not limited to) commonly used analytics and marketing services such as: Google Analytics, Semrush or Hubspot • Consent should be positive and unambiguous, clearly informing of the exact use of cookies in a way that users will fully understand
• While first party cookies for purely analytical purposes are expected to be exempted from the rule, cookies from external services such as Google Analytics or Facebook may not be exempted • Browsers will need to contain cookie controls and users must choose those settings as part of the installation process But what about Brexit? Will we still need to adhere to the new regulation if we leave the EU on 31 October 2019? In short, yes. If the ePrivacy Regulation is adopted and becomes law during the transition period that is due to last until 31 December 2020 (but may continue to 2021 or even 2022), it will automatically become UK law, so putting plans in place now will keep your business ahead of the game. Keep an eye on mashbo.com for future updates on the ePrivacy regulation.