The winners and losers of the EU’s new ePrivacy law

The European Union’s new ePrivacy regulation is becoming a nightmare for the digital media and advertising industries.

It’s easy to confuse the ePrivacy regulation with the General Data Protection Regulation, a broader law addressing consumer data privacy that has dominated the market’s attention lately. The core difference is that cookie use is central to the ePrivacy regulation, which is why it’s known as the “cookie law.” Businesses in Europe must get explicit consent to use cookies and provide clear opt-outs to users under the proposed new law. Meanwhile, the GDPR regulates the general handling of personal data.

The new ePrivacy law has received far less attention than the GDPR, partly because the regulation hasn’t been set in stone, and ad trade bodies were confident they could water down the terms. But their optimism was dented last week when the European Parliament voted for the law to go to the next stage, ignoring any lobbying to date. Businesses ignore ePrivacy at their own peril because the fines for flouting it will mirror those for the GDPR.

Who will emerge as winners and losers of the new ePrivacy law isn’t black and white. In truth, everyone stands to lose something. Here’s a breakdown.


Behavioral advertising

Cookies are at the core of all behavioral marketing and advertising, with advertisers using them to build a picture of people’s interests by tracking which websites they visit. Once someone visits a site that shows one of their ads, they can tailor the ad’s message to cater to the person’s inferred interests. The new ePrivacy law would require advertisers to gain explicit consent for every cookie they drop, burdening any vendor that provides ad retargeting and any media or marketing business that uses retargeting. The law would also curb Facebook’s and Google’s ability to collect and use consumer data, restricting them from targeting ads based on data from over-the-top services like WhatsApp, Gmail and Messenger, unless they receive consent from individuals across each service.

Third-party cookie addicts
Many varieties of cookies exist, but third-party cookies are in the most direct firing line of the new ePrivacy law because they’re most commonly used in online advertising. Advertisers drop cookies when people visit their sites to build behavioral profiles, which can then be used for retargeting. Under the new ePrivacy law, using cookies for this purpose is labeled intrusive and an invasion of privacy. In theory, businesses that cultivate login registrations from users will fare better than those reliant on third-party cookies.

A/B testers (aka everyone) 
The ePrivacy law proposal doesn’t distinguish between different kinds of cookies, but it would be better for everyone if it did. For example, publishers use “non-tracking” cookies for A/B testing new features and products on their sites with users, storing the test groups to which visitors are randomly assigned. This allows publishers to get an idea of which user experience people prefer and helps shape future product and user-experience rollouts. This kind of cookie facilitates a better user experience and helps personalize website experiences.


Cookie banner haters
Europeans are familiar with the annoying cookie banners that appear on websites within the 28 EU member states, courtesy of the existing ePrivacy law. The new law would eliminate these banners, which aren’t a great user experience. That said, it’s unclear how else websites would communicate to consumers why cookies are needed so consumers can grant consent.

Login registration strategies
Quality publishers won’t get a free ride under the new ePrivacy law. Given their use of cookies in their marketing and advertising, they will be subject to the same hurdles as everyone else — including Google, Facebook and other walled gardens. But it would be easier to gain consumer opt-in at scale for companies that have mounds of login customers and claim a genuine direct relationship with consumers. Any publisher that can demonstrate what the value exchange is for consumers should also be in a better position, as people would likely be more willing to give consent.

Whether browsers will be winners under the new law depends on who you speak to. German publishers like Axel Springer believe browsers could bend the new rules to their own advantage, which could result in publishers being held ransom over consent settings — like paying a fee to be whitelisted in the settings, for example. Others suggest that browser makers could shoulder additional costs for developing software with built-in privacy settings due to the changes.

Telecommunications companies
Some silver lining exists for telecommunications companies, which have long been wary of OTT services piggybacking off their networks and reducing their role to dumb pipes. Although telecommunications companies won’t get special treatment, they would at least be on a more level playing field with OTT services than before.

More in Media

Immediate deepens CMP strategy, slashes ad tech partnerships for sharper data governance

Consent management platforms at Immediate aren’t just about ticking boxes for data laws.

Teads’ M&A rumors are firming up with a deal to merge with Outbrain

The latest installment of ad tech M&A activity is leaving some industry folks surprised.