The ePrivacy regulation, expected to be finalised at EU level in 2019, puts the spotlight on our communications data. Whether you’re skyping a colleague in Beijing, messaging your friends on WhatsApp, creating virtual cookies by visiting a website, or just using an app to turn on your heating, ePrivacy wants to update the rulebook.
For businesses, this means asking for explicit consent about communications data, from the location of a user’s calls to the websites they visit.
The idea behind ePrivacy is sensible. The world has changed a lot since 2003 when the original guidelines were introduced (iPhones didn’t make an appearance until four years later), and we’re now using technology to communicate in ways we never expected. Tech that used to be the stuff of science fiction (like video calls) is now a part of everyday life.
It is vital for businesses and consumers that privacy rules are fit for today’s data-driven world.
Communications data contains a huge amount of information about our habits, interests, and relationships – and consumers deserve a degree of control over it.
CBI research has found that confidence in data privacy is the top concern for consumers when deciding which products and services to use.
The EU has been leading the way on new regulations, but in its current state, ePrivacy stills needs some serious work.
It was meant to be a complementary set of rules to GDPR that would arrive at the same time. Instead it has been majorly delayed, and in its current form, ePrivacy looks like an unruly sibling that will largely cover the same issues as GDPR while causing additional legal headaches and uncertainty – at a time when businesses have just spent months (and millions) preparing for GDPR.
For starters, businesses need clear data protection rules to follow. In its current form, ePrivacy is in some ways contradictory to GDPR on the rules for how organisations get permission to use data.
Next, data regulations should give people real choice about how their information is used. Under ePrivacy, people would have to make blanket decisions about their privacy settings whenever they set up a new device or download new software.
Finally, under ePrivacy, manufacturers using new technologies like the Internet of Things would need to rethink their entire business models.
The current state of the proposals sets up a situation where machines sharing personal data would have to ask each other’s permission – that seems tricky to pull off in practice. For the UK economy to thrive, we need to support – not stifle – the adoption of these new technologies.
Regardless of Brexit, any company wanting to trade with the EU will need to get onboard with ePrivacy.
The UK government is aware of these concerns and is going in to bat for business while we’re still at the EU negotiating table, and it’s true that enforcement deadlines are still a way in the future. But if GDPR caught you off-guard, perhaps it’s time to take an early look at ePrivacy, and understand if your business is ready for the next data revamp.