Draft EU ePrivacy Regulation Leaked

By: Richard Beaumont | Wednesday, December 14, 2016 | Tagged: Cookie Law, ePrivacy, ePrivacy Regulation | Leave Comment

A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the Politico.eu (PDF) website this week.

The proposal is for a much stricter regime, requiring prior consent for cookies and any kind of online tracking techniques.  Fines for failure to comply may reach as high as 4% of a company’s global revenues.

The proposed new instrument will be a directly applicable Regulation, and is intended to harmonise communications privacy rules with the wider GDPR.  Unlike the GDPR there will be only a 6 month lead in period from the law being passed, which will not give much time for business to react.

The revised rules are particularly aimed at what the legislators call the ‘surreptitious monitoring’ of online behaviour, and will have a big impact on third party cookies and tracking that enables often invisible companies to build up profiles of web users internet activity.

There are some changes that will be welcomed by website owners, most notably that web analytics will be exempt from the requirement for consent. 

A lot of emphasis is placed on encouraging web browsers to take more active role in mediating consent to avoid the need for overly intrusive pop-ups, but this will rely on some significant changes to the way most browsers currently work – so it remains to be seen whether they will be willing and able to take on such responsibilities.  What is very likely however is that the Do Not Track setting in browsers will take on more significance than it has to date.

As with the GDPR, the new ePrivacy Regulation will have significant extra territorial effects, and will require websites around the world to respect the rights of EU based visitors.

What Does This Mean for Website Owners?

This is of course a draft, and we can expect much negotiation and lobbying especially from the online advertising industry, before we get to a final text.  However, what seems inevitable now is that the big fines will mean the cost of getting cookie compliance wrong in the future, will be much more significant.

It also looks inevitable that even if you have a cookie solution in place on your website today, you will need to look again at how it works to make sure it will be compliant with these new rules.

We also anticipate that companies with have to pay much closer attention to ongoing monitoring of their sites in the future, making sure that the remain compliant with every change they introduce.

We will of course be actively monitoring the situation, and making sure our clients are prepared for whatever the future for cookie compliance brings.