July 16, 2018
Gill Hall is a highly-experienced commercial lawyer with more than 20 years’ experience in IT law.
She explains that after the EU’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018, close on its heels is another regulatory change which will change the way marketing and sales teams communicate with customer bases.
Businesses and marketing professionals need to understand that GDPR compliance is not a one-off project; it’s an ongoing programme that requires frequent revisiting to ensure policies and procedures remain effective, relevant and up to date.
The new e-Privacy Regulation will exist alongside the GDPR, bringing with it specific privacy rights relating to electronic communications. It will affect most businesses in some way.
With the recent surge in improvements to electronic communications, the widespread use of instant messaging and internet calling on apps and the growth of biometric technologies such as fingerprint passwords, the existing legislation is desperately out of touch.
The principal areas that the new legislation will seek to deal with are:
New and fast growing technologies, including messaging and calling services such as WhatsApp, Messenger and Skype.
Stronger rules to increase the level of protection for all people and businesses for their electronic communications.
Communications content and metadata guaranteeing privacy for this data, such as the time and location of a call.
Simpler rules on cookies: a more user-friendly and streamlined cookie provision.
Protection against spam – unsolicited electronic communications by email, SMS or automated calling machines are likely to be banned, and marketing callers will have to display their phone number or use a special prefix that indicates a marketing call.
More effective enforcement by local data protection authorities.
What you must consider
The e-Privacy Regulation has the potential to radically change some elements of business e-marketing, not least due to the significant increase in maximum fines (as for the GDPR, fines for breach of ePR may be up to four per cent of annual turnover or €20million).
As currently drafted, the regulation intends to align the requirement of ‘consent’ for business to business electronic marketing communications to match that used to regulate business to consumer contact. Organisations reliant on business to business e-marketing will have to meet a higher threshold of consent which must be freely given and unambiguous. This is a sea-change away from the concepts of implied consent and the current distinction between e-marketing to businesses (no consent needed) and consumers that have been relied upon by businesses under the outgoing e-privacy law.
At Square One Law, we advise businesses to keep a close eye on developments and seek expert advice.