WTF is the EU ePrivacy directive?
A term which has been dormant in media headlines, and most likely Google searches, for a couple of years, resurfaced again this week: The European Union ePrivacy directive, also known as the EU cookie directive, is back. This has been due a revision that updates it to correlate better with its big brother, the General Data Protection Regulations.
Any update to EU-wide data laws, though important, can be horribly dry (and confusing) to digest.
We’ve broken down some of the most important points for marketers and publishers who want to know more about it.
So WTF is the EU cookie directive?
Europeans are all familiar with slightly annoying banner pop-ups that appear on any website they visit, asking for consent to collect cookies. That was the product of the last (and existing) EU cookie directive update. Essentially, it is the European Commission’s way of trying to apply some regulation to how companies collect individuals’ data online, and give people more choice over how their cookies are used to track them. At least that’s the theory.
So that’s a good thing, right?
Yes and no. The idea of giving people more choice over how their cookies are collected may be sound. The reality of how that can actually be executed is complex and messy — and potentially won’t result in a better user experience.
One of the goals with these latest EU cookie proposals is to drop the need for the existing banners that ask for people’s permission to drop cookies, having deemed them annoying. The rub: The alternative of what publishers (and any business that runs a website and drops cookies on visitors) will have to do may result in, ironically, more banners. These updated proposals will mean, for example, that publishers, brands and anyone collecting or analyzing data for the purposes of advertising will have a few more hoops to jump through to gain consent.
So what are the hoops?
In the revised law, consumers will be the ones setting their privacy settings via their browsers or any mobile apps they use. In theory, that means they can select options for how much they let themselves be tracked — they may agree to allow all their cookies to be used, or just some, or none. And they will need to set that up in their browser settings. That way, websites would supposedly read the cookie preferences set in users’ browsers. At least, that’s the theory. But if users opt against allowing most cookies, then publishers may have to issue a pop-up every time the users visit their site to inform them that they need to give permission first — much like ad-blocker pop-up messages currently work, according to the IAB’s head of policy and regulatory affairs, Yves Schwarzbart.
There’s also been some clarity on an area that there was some confusionlast year — whether publishers are legally within their right to use ad blocking detection software. That seems to have been a storm in a tea cup. The European Commission has revealed that this is totally fine.
And what about messaging apps?
Tougher rules on how messaging services, such as WhatsApp, Skype and Gmail, are included in the revised proposals. There are already tight regulations around SMS text messages, which telcos already abide by, meaning safeguards are in place to ensure confidentiality of messages sent, for example. To date, newer companies like WhatsApp — which provide over-the-top services, but which many people now use to send messages — haven’t been included. The revisions now rectify that.
So do companies need consumer consent to gather all data now?
No. There are certain exemptions. For example, a supermarket that provides online shopping won’t have to ask for consent to remember shopping-basket data. And that also includes counting visits to a specific person’s site.
What else is different about these new proposals?
These proposals have intentionally been revised to align better to the GDPR. But one of the biggest differences between them currently is that GDPR is a regulation, and the cookie law is a directive. And the difference between the two is quite important: A regulation means that each of the 28 member states in the EU must adhere to the exact same laws and ways of implementing them. No wiggle room whatsoever. Whereas each country in the EU can implement whatever version of a directive works best for their individual markets. So those with a more advanced digital advertising landscape, like the U.K., needn’t apply such strict rules as the likes of Germany or Scandinavian countries, for example. But the EU ePrivacy proposals released this week are suggesting the directive become regulation. And it’s “very likely” this will become the case, according to Schwarzbart.
This sounds very similar to GDPR.
Yes, that’s intentional. And again, ad tech companies that provide the ad services but don’t have the direct access to the customer data (like a publisher or a brand might with its customer relationship data) will find the changes a lot trickier to implement.
What are the next steps?
The revised laws will now go to the European Parliament, and the EU’s Council of Ministers, who represent the 28 member states, will have a chance to make amendments. The goal is to have them ready for implementation at the same time as GDPR: 2018.
‘Catalyst for growth’: GroupM’s Brian Wieser bumps up his 2021 and 2022 global and U.S. ad forecasts
The latest global ad revenue forecast from WPP’s GroupM is out — and if it’s accurate, media is going to have a pretty great 2022 with almost 10 percent growth.
Member ExclusiveMedia Buying Briefing: ‘There’s a real strain’ on media agencies as they try to staff up after mediapalooza gains
How will media agencies staff up when employees are leaving in droves, either from burnout or more lucrative offers from brands and tech firms?
How Reuters Events maintains a role for virtual as it returns to in-person events
After a successful two years running mostly virtual conferences, Reuters Events is exploring more hybrid and in-person components to its events for next year.
SponsoredMarketer’s playbook: Delivering performance alongside privacy
Jonathan Meltzer, director of marketing, ads privacy, platforms and measurement, Google One way to prepare any business for what’s next in 2021 and 2022 is to invest in data and insights. However, shifts in consumer expectations challenge even the most experienced marketing team to find safer ways to show people ads and measure campaigns. To […]
‘Lens of the West Coast’: Inside the L.A. Times’ new head of audio’s plan to focus the publisher’s podcasts
Aguilera wants people to one day associate the newspaper publisher with its podcasts and their West Coast "vibe and tone." But first, she is tasked with growing the L.A. Times' daily news show "The Times."
Member ExclusiveMedia Briefing: What publishers should watch for when meeting with blockchain vendors
In this week's Media Briefing, media editor Kayleigh Barber explores the primary questions publishers should be asking when evaluating potential blockchain partners.