The European Union’s new ePrivacy regulation is becoming a nightmare for the digital media and advertising industries.
The new ePrivacy law has received far less attention than the GDPR, partly because the regulation hasn’t been set in stone, and ad trade bodies were confident they could water down the terms. But their optimism was dented last week when the European Parliament voted for the law to go to the next stage, ignoring any lobbying to date. Businesses ignore ePrivacy at their own peril because the fines for flouting it will mirror those for the GDPR.
Who will emerge as winners and losers of the new ePrivacy law isn’t black and white. In truth, everyone stands to lose something. Here’s a breakdown.
Cookies are at the core of all behavioral marketing and advertising, with advertisers using them to build a picture of people’s interests by tracking which websites they visit. Once someone visits a site that shows one of their ads, they can tailor the ad’s message to cater to the person’s inferred interests. The new ePrivacy law would require advertisers to gain explicit consent for every cookie they drop, burdening any vendor that provides ad retargeting and any media or marketing business that uses retargeting. The law would also curb Facebook’s and Google’s ability to collect and use consumer data, restricting them from targeting ads based on data from over-the-top services like WhatsApp, Gmail and Messenger, unless they receive consent from individuals across each service.
Third-party cookie addicts
Many varieties of cookies exist, but third-party cookies are in the most direct firing line of the new ePrivacy law because they’re most commonly used in online advertising. Advertisers drop cookies when people visit their sites to build behavioral profiles, which can then be used for retargeting. Under the new ePrivacy law, using cookies for this purpose is labeled intrusive and an invasion of privacy. In theory, businesses that cultivate login registrations from users will fare better than those reliant on third-party cookies.
A/B testers (aka everyone)
The ePrivacy law proposal doesn’t distinguish between different kinds of cookies, but it would be better for everyone if it did. For example, publishers use “non-tracking” cookies for A/B testing new features and products on their sites with users, storing the test groups to which visitors are randomly assigned. This allows publishers to get an idea of which user experience people prefer and helps shape future product and user-experience rollouts. This kind of cookie facilitates a better user experience and helps personalize website experiences.
Cookie banner haters
Europeans are familiar with the annoying cookie banners that appear on websites within the 28 EU member states, courtesy of the existing ePrivacy law. The new law would eliminate these banners, which aren’t a great user experience. That said, it’s unclear how else websites would communicate to consumers why cookies are needed so consumers can grant consent.
Login registration strategies
Whether browsers will be winners under the new law depends on who you speak to. German publishers like Axel Springer believe browsers could bend the new rules to their own advantage, which could result in publishers being held ransom over consent settings — like paying a fee to be whitelisted in the settings, for example. Others suggest that browser makers could shoulder additional costs for developing software with built-in privacy settings due to the changes.
Some silver lining exists for telecommunications companies, which have long been wary of OTT services piggybacking off their networks and reducing their role to dumb pipes. Although telecommunications companies won’t get special treatment, they would at least be on a more level playing field with OTT services than before.