Skip to main content
Although the General Data Protection Regulation (GDPR) continues to dominate most of the headlines, the impending EU regulation on ePrivacy (ePR) deserves just as much attention given the impact it will have on the industry.
1. EXPERTISE AND USER TESTING ARE NEEDED TO ENSURE THAT CONSENT ISN’T JUST A BOX-TICKING EXERCISES
Over the last five years ISBA has been working with the ICO and our members on events and guidance to ensure compliance with the GDPR, due to be implemented in May 2018. ISBA believes that user testing is required to define how, where and when consent should be gathered to give consumers transparency, choice and control over their personal data.
Acknowledging the need for the Regulation to develop principles on consent, the new laws need to incorporate new technology and be future-proofed to ensure that they are relevant in a few years’ time. The best methods to ask for consent will vary depending on the context – prescriptive regulation can’t allow for this. ePR is currently too prescriptive, as it mandates: • How consent should be gathered - via software settings
• When consent should be gathered - during installation
ISBA believes that advertisers are best placed to determine the most effective methods to gain consent from users, within the rules confirmed by GDPR. There are a number of ways to achieve this, including:
• Working with experts in user experience (UX), web design, e-commerce analysis and online behaviour
• Methods for gathering consent must be tested on users in real-life situations to avoid consent becoming a ‘tick-box’ exercise, with users having little or no understanding of what they are actually consenting to.
2.EXCEPTIONS FOR WEB AUDIENCE MEASURING SHOULDN’T BE LIMITED TO FIRST PARTIES
3. CONSISTENCY WITH GDPR IS CRUCIAL FOR LEGAL CERTAINTY
4. A TECH-NEUTRAL, RISK-BASED APPROACH IS NECESSARY TO AVOID UNINTENTIONAL RESTRICTIONS
5. USERS SHOULD BE EMPOWERED TO MAKE INFORMED CHOICES ABOUT HOW THEIR DATA IS USED
ISBA’s work in this area is being led by our Data Action Group. Our next meeting, taking place on 27 July will feature Catherine Armitage, Senior Manager, Public Affairs and Digital Governance Exchange at the WFA. Catherine leads their lobbying in Brussels and will provide an update for members on the latest developments and insights on the ePrivacy Regulation.
If you are interested in becoming a member of this group and contributing to our thinking in this important area, please contact me.
It is anticipated that the ePR might become law by 25 May 2018, when the GDPR will also become law. Find out more about the ePR here.
DPN LEGITIMATE INTERESTS GUIDANCE – GDPR
You may also be interested to know that guidance has been published on how and when marketers can engage with audiences using Legitimate Interest as a basis under the GDPR. The guidance has been produced by the Data Protection Network with the support of ISBA and our members and is available here.
Marketing Services Manager, ISBA