Most people are now, or should be, familiar with GDPR. Alongside that legislation, what is known as the ePrivacy Regulation was supposed to be set at the same time. It has been postponed and comes into effect in the second half of this year. If you own a business and have heard about the ePrivacy Regulation but are unsure what it all means, you’ve come to the right place.
In this post we will look at what it is, who it affects and what penalties there are for breaching it.
What is the ePrivacy Regulation?
The ePrivacy Regulation is a stronger law that all EU member states will have to follow. It replaces the current ePrivacy Directive. While the Directive was set to uphold Article 7 of the EU Charter, regarding family and private life, there were never stipulations that ensured all member states implemented it in the same way. Member states were allowed to be selective about which parts they adopted and enforced.
With technology now such a huge and integral part of people’s lives, and with so many interconnected devices on the internet, there is a greater risk of violations of individuals’ privacy. That is why the ePR was necessary.
ePR and GDPR
While the GDPR concerns data protection in general, it doesn’t cover electronic communications, whereas the ePR focuses on them. In legal terms, this is referred to as lex specialis. This basically means that while the same definitions are used in both, the ePR overrides the GDPR when electronic communication data privacy issues are raised.
What Does the ePrivacy Regulation Cover?
All communications are protected, whether they’re transmitted electromagnetically, optically, by radio or wire. This means all communications sent via electricity cable systems, fixed networks, cables and satellites are covered.
The regulation will also focus on:
- OTT Services and Metadata – Over the Top (OTT) service providers like Skype, WhatsApp and Google are more prominent now than ever. The ePR is set to impose stricter confidentiality rules on big internet communications companies that will make them more accountable when the law is breached.
- Cookies – The ePR looks to simplify the process involving cookies, streamlining consent so that the responsibility is with web browsers rather than websites.
- Unsolicited Marketing – Stricter rules will be put in place regarding unsolicited marketing via SM and email, as well as cold-calling via telephone.
- Public Wi-Fi and IoT – The regulation will also cover all other forms of communication tech, specifically data communication through IoT devices and networks.
What Penalties Will There Be for Breaches?
Penalties for breaches are laid out in Article 23, and these are the same sanctions applicable under GDPR. They can range from a maximum of 10,000,000 Euros or 2% of worldwide annual turnover to as much as 20,000,000 Euros or 4% of worldwide annual turnover. Each fine depends, as it does with the GDPR, on the various mitigating factors, including scale and whether the breach was deliberate or not.
Whether your business is affected or not depends on your strategies. For instance, if electronic communications are integral to your business, you’ll need to assess your current setup and make changes to ensure it falls in line with the regulation.
It may also be worth anticipating threats. For instance, if your business involves publishing and third-party advertising cookies, there may be a drop in your revenue where users’ browsers have been set to block specific identifiers. Therefore, you may need to persuade users to enable cookies when using your site.
All in all, the ePR is not something you should ignore. As you can see from the above, non-compliance fines are high, and your business’s reputation could be damaged too. There is still a lot of time though, and if you need any help with compliance, you can speak to our team here at Relentless on email@example.com.