In January 2017 the European Commission unveiled the draft E-Privacy Regulation (Regulation) which, if implemented, will replace the current EU E-Privacy Directive (2002/58/EC) which is currently in place under the UK’s legislation through the Privacy and Electronic Communications Regulations 2003 (PEC Regulations).
The draft proposal includes a number of reforms:
- Extension of the scope of the e-privacy rules to catch communications such as Whatsapp, Facebook and Skype.
- Stricter direct marketing requirements in an aim to protect individuals from unsolicited marketing. Callers will be required to identify themselves by displaying either their phone number or a prefix so the individual can identify that it is a marketing call.
- Mirroring the GDPR’s definition of ‘consent’ whilst simplifying the rules on Cookies and other forms of consent.
- Bringing the fines for non-compliance in line with the GDPR. The level of fine will depend on what provision of the Regulation is breached. For breaches relating to unsolicited emails it will be the higher of €10 million or 2% of the worldwide turnover. For breaches relating to confidentiality and processing of electronic communications data it will be the higher of €20 million or 4% of worldwide turnover.
The Regulation is scheduled to be implemented from May 2018 aligning with the GDPR. However, unlike the GDPR, the majority of the Regulation’s proposals are still in draft form, so, whether the implementation date is realistic or not will depend on the response from the European institutions. We will be keeping track of the progress of the proposals.
In the meantime, businesses should be looking out for any updates from the ICO and keep in mind the Regulation when they are updating their marketing procedures to ensure compliance with the GDPR.