Replacing an earlier directive (implemented in 2002), the Regulation aims to:
- Ensure privacy across all electronic communications platforms
- Introduce simpler rules on cookies
- Increase transparency in direct marketing.
As a regulation, it will apply directly within every EU member state. As with GDPR, the UK government has confirmed it would be implemented in the UK before we leave the EU.
In terms of cookies and other online tracking devices, the focus shifts from website cookie banners to users’ browser settings, and seeks to address issues around ad-blocking and Wi-Fi location tracking. It tightens the rules on marketing, with the default position being that all marketing to individuals by phone, text or email must be opt-in. It incorporates the GDPR’s two-tier system of fines of up to €20 million
The proposed Regulation would significantly change the way consent for online tracking (including cookies) can be gathered.
- Browsers would be required to ask users to opt into tracking via their privacy settings, rather than the cookie notification banners which are displayed on websites today.
- Browsers will be required to ask users whether they wish third-party tracking (including cookies) to be activated upon installation. Browsers already installed will be required to ask for consent during the next update, at the latest by 25 August 2018.
- The Commission proposal suggests that browsers should offer a range of privacy setting options, including ‘never accept cookies’, ‘reject third-party cookies’, ‘always accept cookies’, and ‘only accept first-party cookies’.
- Specific configuration cookies (for example, for remembering the contents of a shopping basket) are explicitly distinguished from others and consent is not required
- Users would need to provide ‘freely given, specific, informed and unambiguous’ consent for cookies and other types of third-party tracking used for digital advertising. This is a significant change from the ‘notification and implied consent’ regime in place in many countries today, which takes the form of a pop-up notification when a user visits a website for the first time.
The proposal introduces potential fines of up to €20 million or 4% of annual global turnover – identical to the fines facing companies that haven’t complied with the GDPR beyond 25 May 2018.
What happens next?
ISBA is actively working with the World Federation of Advertisers (WFA) ePrivacy Task Force to ensure that the industry is fully briefed and aligned with the position we have outlined with the WFA, one that works to protect advertisers’ rights online, including the collection of browsing data used for targeting online advertising.
No videos to show