In the wake of the Cambridge Analytica scandal, privacy is once again front-and-center of the debate on the role technology plays in our everyday lives. As data-driven innovations become increasingly pervasive, consumers are beginning to ask, ‘how much information am I sharing, and with who?’

Marketers have been working hard to alleviate privacy concerns, asking consumers for consent to use their information and explaining what exactly they will do with it once they have access. The General Data Protection Regulation (GDPR) has given the industry an incentive to improve transparency, along with the growing realisation that audience communication and trust are at the heart of marketing effectiveness.

More privacy regulations on the way 

But right behind the GDPR comes the ePrivacy Regulation. This second piece of European Union legislation is just as impactful as its sister act and complements it by addressing privacy scenarios particular to digital communications. Originally intended to come into force at the same time as the GDPR, the ePrivacy Regulation is now set to be implemented in 2019, meaning marketers who thought they had finalised their compliance plans may still have more work to do, and a second deadline to meet.

Being part of the B2B technology industry, we know this is particularly true for our marketing contemporaries. Previously, the Privacy and Electronic Communications Regulation (PECR) governed digital communications of this type and allowed marketers to email people in a business capacity so long as they were able to opt out of communications. While the exact wording is still under negotiation, the new ePrivacy Regulation which replaces the PECR is likely to make no distinction between these two categories. It is thought it will take a ‘soft opt-in’ approach to electronic communications, which is similar to the concept of ‘legitimate interest’ proposed in the GDPR.

How will it complement GDPR?

This means marketers can text, email or send social media messages to people if they have obtained their contact details during sales, stated how they plan to contact them, and only use these methods to promote similar goods or services. Again, they will need to include a method of unsubscribing to these communications every time they contact a customer in this way.

Another way the ePrivacy Regulation is putting users back in control of their data is by changing the rules on cookies. At the moment, users are asked to acknowledge the use of cookies at a site level, often through a pop-up window. But both communicators and audiences have found this approach hampers the user experience, delivering a ‘clunky’ feel that neither serves the user or the owner of the data. The new regulation is set to streamline the process by removing the need for audiences to consent to cookies that do not pose a great threat to their privacy, such as those that ‘remember’ which items a user adds to their shopping cart on a retail site. The onus will now be on browsers to give users the option to allow or deny cookies based on user preferences.

What should marketers do next? 

These additional obligations and changes in the consent process mean that marketers who are in the final throes of establishing their compliance programmes ahead of GDPR deadline day aren’t quite done yet.

When designing their consent processes, they will need to keep an eye on the developing ePrivacy Regulation to make sure they can fulfill these important obligations. But with the letter of the law still to be firmed up, perhaps the most important thing for marketers to keep in mind is the law’s spirit – working to ensure that people are only contacted in the ways they actively choose, with the messages they wish to receive.

This consensual, relevant approach won’t just help firms to avoid fines; it will help to safeguard the future of marketing.

Rebecca Morgan data article  By Rebecca Morgan