With the GDPR on the horizon, the EU is now overhauling and expanding the reach of the more specific privacy rules which relate to direct marketing, cookies and other forms of online monitoring. The ability of social media and messaging services to track users is one of many areas touched on in the European Commission's newly proposed ePrivacy Regulation, which was officially unveiled last week. We highlight some key impacts for the tech and media sectors, provided the proposed draft passes through the legislative process without dramatic changes. Businesses should incorporate these new requirements into their GDPR readiness planning. Why are the rules being updated?
Yesterday, 10 January, the European Commission (EC) presented its formal proposals for the new ePrivacy Regulation. On initial analysis, the first official draft of the Regulation appears broadly similar to last month's leaked version, explored by Datonomy here. Datonomy will be providing a fuller analysis, however in the meantime the EC's Fact Sheet provides a useful starting point. The Commission's aim is to have the new Regulation adopted by 25 May 2018 when the GDPR takes effect. Olswang's Head of Digital and Data, Elle Todd, and Alex Dixie, the firm's Head of Adtech, will be taking a first look at the practical impacts of the new proposals in a webinar at 15:00 UK time on Thursday 19 January. Follow this link to register. In particular the webinar will examine:
- changes in the scope of the new regime to cover … Continue Reading ››
Yesterday (13 December) in time-honoured tradition, a draft proposal of the European Commission's (EC) new ePrivacy Regulation was leaked. The official draft of the proposal is not expected to be published by the EC until January 2017, and it is possible some of the detail will change before then. Datonomy will be providing fuller analysis of the real thing in the near future, but an initial look at the leaked draft – which (typos aside) gives a good indication of what to expect - reveals the following:
- It's a Regulation rather than a Directive (as predicted by Datonomy here)
- A fining regime similar to GDPR
The Information Commissioner's Office (ICO), the UK's data protection regulator, is cracking down on the online gambling sector's use of personal data to promote online gambling. It has contacted around 400 companies to threaten them with fines of up to £500,000 if they are found to be collecting and using personal data for marketing in a manner which does not comply with the Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications Regulations 2003 (PECR). In its press release, the ICO said it is writing to over 400 companies, all believed to be egaming marketing affiliates, demanding they set out how they use people’s personal details and send marketing texts, including where they got people’s personal information from and how many texts they sent. What is the ICO worried about? The ICO has expressed concern that the prolific use of affiliate marketing is resulting in a lack of accountability, … Continue Reading ››
In all the excitement last week over the European Parliament's approval of the General Data Protection Regulation (GDPR) and the US Privacy Shield, you may have missed that the European Commission published a consultation on Monday 11 April regarding the ePrivacy Directive. Don't worry though, here is what you need to know: What is the purpose of the consultation? The consultation forms part of the Commission's Digital Single Market (DSM) Strategy and is necessary given that the GDPR, once adopted, will impact the e-Privacy Directive which sets out some additional and specific rules regarding the processing of personal data in the electronic communications sector. Infamously, the e-Privacy Directive contains the almost uniformly derided cookie consent requirement, so many people are likely to want to input. It also contains rules on breach notification, consents for marketing by electronic means and use of traffic and location data. The Commission … Continue Reading ››
Datonomy can empathise with anyone tasked with making their organisation's website compliant with the cookie consent rules. Here we share our own experiences, review the latest guidance from the ICO and take a look at some of the compliance mechanisms appearing on other UK websites. Stop press – revised guidance from the ICO on implied consent The ICO marked the end of its year long enforcement amnesty by refreshing its guidance. On 25 May it launched:
- a helpful 11 minute video of Dave Evans, Group Manager at the ICO, setting out the Commissioner's enforcement stance and guidance for businesses yet to make a start on compliance;
- version 3 of its compliance guidance for website owners; and
- advice for the public on controlling cookies.