WTF is the EU ePrivacy directive?
A term which has been dormant in media headlines, and most likely Google searches, for a couple of years, resurfaced again this week: The European Union ePrivacy directive, also known as the EU cookie directive, is back. This has been due a revision that updates it to correlate better with its big brother, the General Data Protection Regulations.
Any update to EU-wide data laws, though important, can be horribly dry (and confusing) to digest.
We’ve broken down some of the most important points for marketers and publishers who want to know more about it.
So WTF is the EU cookie directive?
Europeans are all familiar with slightly annoying banner pop-ups that appear on any website they visit, asking for consent to collect cookies. That was the product of the last (and existing) EU cookie directive update. Essentially, it is the European Commission’s way of trying to apply some regulation to how companies collect individuals’ data online, and give people more choice over how their cookies are used to track them. At least that’s the theory.
So that’s a good thing, right?
Yes and no. The idea of giving people more choice over how their cookies are collected may be sound. The reality of how that can actually be executed is complex and messy — and potentially won’t result in a better user experience.
One of the goals with these latest EU cookie proposals is to drop the need for the existing banners that ask for people’s permission to drop cookies, having deemed them annoying. The rub: The alternative of what publishers (and any business that runs a website and drops cookies on visitors) will have to do may result in, ironically, more banners. These updated proposals will mean, for example, that publishers, brands and anyone collecting or analyzing data for the purposes of advertising will have a few more hoops to jump through to gain consent.
So what are the hoops?
In the revised law, consumers will be the ones setting their privacy settings via their browsers or any mobile apps they use. In theory, that means they can select options for how much they let themselves be tracked — they may agree to allow all their cookies to be used, or just some, or none. And they will need to set that up in their browser settings. That way, websites would supposedly read the cookie preferences set in users’ browsers. At least, that’s the theory. But if users opt against allowing most cookies, then publishers may have to issue a pop-up every time the users visit their site to inform them that they need to give permission first — much like ad-blocker pop-up messages currently work, according to the IAB’s head of policy and regulatory affairs, Yves Schwarzbart.
There’s also been some clarity on an area that there was some confusionlast year — whether publishers are legally within their right to use ad blocking detection software. That seems to have been a storm in a tea cup. The European Commission has revealed that this is totally fine.
And what about messaging apps?
Tougher rules on how messaging services, such as WhatsApp, Skype and Gmail, are included in the revised proposals. There are already tight regulations around SMS text messages, which telcos already abide by, meaning safeguards are in place to ensure confidentiality of messages sent, for example. To date, newer companies like WhatsApp — which provide over-the-top services, but which many people now use to send messages — haven’t been included. The revisions now rectify that.
So do companies need consumer consent to gather all data now?
No. There are certain exemptions. For example, a supermarket that provides online shopping won’t have to ask for consent to remember shopping-basket data. And that also includes counting visits to a specific person’s site.
What else is different about these new proposals?
These proposals have intentionally been revised to align better to the GDPR. But one of the biggest differences between them currently is that GDPR is a regulation, and the cookie law is a directive. And the difference between the two is quite important: A regulation means that each of the 28 member states in the EU must adhere to the exact same laws and ways of implementing them. No wiggle room whatsoever. Whereas each country in the EU can implement whatever version of a directive works best for their individual markets. So those with a more advanced digital advertising landscape, like the U.K., needn’t apply such strict rules as the likes of Germany or Scandinavian countries, for example. But the EU ePrivacy proposals released this week are suggesting the directive become regulation. And it’s “very likely” this will become the case, according to Schwarzbart.
This sounds very similar to GDPR.
Yes, that’s intentional. And again, ad tech companies that provide the ad services but don’t have the direct access to the customer data (like a publisher or a brand might with its customer relationship data) will find the changes a lot trickier to implement.
What are the next steps?
The revised laws will now go to the European Parliament, and the EU’s Council of Ministers, who represent the 28 member states, will have a chance to make amendments. The goal is to have them ready for implementation at the same time as GDPR: 2018.
Member ExclusiveCase Study: How The Week successfully created a children’s media property amid the pandemic
The Week created and grew a children's publication in the unprecedented pandemic year to keep young audiences engaged.
Bloomberg Media is testing paid tiers for virtual events
Bloomberg is testing a virtual events model where attendees could pay different amounts to attend with a slew of tracks.
‘They won’t enable our identifier’: Identity tech providers try to make sense of Google’s plan not to support alternate identifiers
Some identifiers just won’t work in some Google inventory, but identity tech providers are keeping a stiff upper lip.
SponsoredPeople-based identifiers are driving personalized customer experiences
Marketing teams are now well into 2021, and third-party cookies along with mobile ad IDs are officially on notice, which has implications for all marketers. Soon, cookie- and device-based targeting, frequency capping, measurement and attribution will break. Evolving privacy regulations and policy changes from browsers and device makers have sparked many proposed solutions to replace […]
PopSugar Fitness expands health and wellness coverage after success with at-home workout videos
PopSugar hired Jennifer Fields as deputy editor of fitness to broaden fitness content to include mental health and wellness.
‘It moved quicker than we planned’: iProspect’s global president Amanda Morrissey on the restructure with Vizeum
iProspect's global president Amanda Morrissey expects to complete Denstu-owned performance agency's restructure with Vizeum by the end of March.