Beyond GDPR: Understand European ePrivacy law

by Nikita Smits, 24 Oct


Cookie Law PECR

Most marketers have heard about GDPR, or the General Data Protection Regulation. But with all that buzz, we tend to forget that there is another set of rules we have to keep an eye on: the ePrivacy Directive. This is a directive issued by the EU in 2002 on how we can use email and cookies, among other topics. Remember "the cookie law"?

The challenge we as marketers face is that the last update to the ePrivacy Directive is from 2002 and is linked to the previous Data Protection Directive, which has been replaced by GDPR. There are a few problems with that. First, the ePrivacy Directive and GDPR don’t completely match up yet. Second, it’s a directive, and every European country created its own set of rules around it. In practice, that means that marketers who work with data from people across Europe either have to follow the strictest set of rules (we are looking at you, Germany) or treat their leads differently based on country. Even though that last option is technically possible, it’s a big hassle. The first option comes with another challenge: how many leads will you lose by adhering to the double opt-in rule?

ePrivacy Directive update

Many people believe that the ePrivacy Directive will make it easier to understand both ePrivacy and GDPR and how to work with these two sets of regulations together.

Where in the past there were some grey areas, for example around cookies, these have now been cleaned up. For example, it’s no longer possible to limit visitors if they don’t accept your cookie policy:

 “This Regulation should prevent the use of so-called “cookie walls” and “cookie banners” that do not help users to maintain control over their personal information and privacy or become informed about their rights.”

On top of that, the idea is that the ePrivacy Directive will become European law, meaning that all European countries have the same set of rules for electronic communication. 

It is important to note that we’re discussing a published proposal text that aims to update the directive, but this hasn’t happened yet. Various elements are still to be confirmed. The original, ambitious goal was to implement the adjustments to ePrivacy on the same date as GDPR compliance becomes mandatory, but it looks like it will happen later next year.

On October 19th, 2017, the European Parliament Committee on Civil Liberties, Justice and Home Affairs, a.k.a. the LIBE Committee, voted on the new ePrivacy Regulation. The amended text has been approved by the LIBE Committee, which means that the next step is a vote in the plenary session of the EU Parliament at the end of October. Expect to see something in 2019.

So what can you do as a marketer?

First of all, GDPR should be your priority, as the May 2018 deadline is fast approaching and the fines are a serious consequence to consider. Even though it’s not discussed as often, people have been prosecuted and fined for not adhering to the ePrivacy Directive over the past few years, so we don’t expect that this will change. On the contrary.

If you are working towards GDPR compliance in your organisation, don’t forget to help your sales and marketing teams understand what you are doing and why it’s important. BusinessBrew offers workshops to help you do this.

If you haven’t actively started working towards compliance, it’s time to get started. You may have planned your Christmas campaigns, but have you considered that you, at the time of writing, have 7 months to work towards compliance? Make sure that you build a task list for your organisation and start building opt-in campaigns. You still (sort of) have options to contact people in your database for whom you don’t have a very clear opt-in recorded. It often takes a few touch points to get engagement, so if you don’t want to have to delete a large part of your database by May 2018, you need to get started.

We will update this blog on an ongoing basis with relevant and updated information. 

Go through this Slideshare from ISACA Privacy Open Forum – Proposal for ePrivacy Regulation from Johan Vandendriessche if you want to see the full overview of the proposed updates.


Below you can review the proposal from the European Parliament.




Topics: GDPR

Written by Nikita Smits

Marketing strategist and GDPR specialist. Nikita was one of the founding members of BusinessBrew but is currently working as a digital marketing specialist at a Copenhagen startup.