This edition of the digital advertising update looks at the current status of the EU's controversial new ePrivacy regulation, points out the disconnect between legislators and industry groups and questions the timing of the introduction of ePrivacy.

Related links
Primer on ePrivacy by the European Commission
"Like a bad dream" – Anti-ePrivacy Campaign Site by Industry Group IAB UK
Open letter slamming ePrivacy Proposal by Industry Group European Publishers Council

Video transcript

Hi. This is Stefan from admetrics with the Digital Advertising Update.

Today, I want to talk about the EU’s new controversial ePrivacy regulation, which recently crossed a major legislative hurdle. I will be referring to this new regulation as “ePrivacy” for short.

So, what is ePrivacy and why is it important?

ePrivacy is an update to the previous data protection directive and will be a crucial part of the grand new European privacy framework. By now, most of you are aware of GDPR, which is another part of the same framework that will go into effect starting May 2018. ePrivacy is a separate component that has been drafted by the European Union’s Committee on Civil Liberties, Justice and Home Affairs for the past couple of years and is now in the parliamentary approval stage. So, technically speaking, this regulation is not here…yet.

In its most recent draft, ePrivacy will have far-reaching, fundamental consequences for advertisers, ad tech providers and consumers in Europe. Reading the current draft of the regulation is actually pretty alarming, and considering its huge potential impact, it’s surprising that there’s so little talk about it.

What’s the issue with ePrivacy?

While GDPR is concerned with explicit consent for the use of personal data—which is understandable and manageable—ePrivacy is aimed at demanding explicit consent for *all analytical data*, *in general*. The basic approach of the regulation is that user tracking of any kind will not be allowed, and therefore *prohibited* by default.

In other words, tracking users for commercial purposes or direct marketing is prohibited—unless you have user consent

Unsolicited direct marketing, including e-mail Marketing, is prohibited—unless you have user consent.

Tracking users for analytical purposes or to provide personalised content is also prohibited—unless you have user consent.

From where we stand, getting this consent is going to be a huge challenge. Browser vendors will have to turn off tracking by default, and it seems unlikely that many users will manually opt-in via their browser settings. Also, the regulation prohibits publishers to deny access to users who have not consented to tracking, which eliminates the most obvious motivation for users to consent.

The feedback from industry groups that took part in the draft process has been overwhelmingly negative.

A majority points to the significant costs of compliance and sees differences in national enforcement of ePrivacy as considerable challenges for businesses. Some groups, with the publishers being especially vocal, expect that ePrivacy will “endanger existing business models” and “seriously stifle new opportunities and innovation related to use of data”. One—rather shrill—prediction stated that “the EU is killing the internet”.

We don’t necessarily share that exact viewpoint, but to us it looks like this regulation has the realistic potential to deal a major blow to data-driven or behavioural advertising because of ePrivacy’s broad prohibition of data collection without user consent.

Where’s the regulation at right now?

On October 26th, the European Parliament voted in favour of adopting ePrivacy. This vote was a close one, but it eventually passed. So, the regulation will most likely be implemented, the question now is when and how exactly.

The next step in the process is a legislative specialty of the EU: the *trilogue*. This means that the European Parliament will be discussing the implementation with EU member states and the European Council.

Most likely the regulation will be heavily amended during this process, depending on national initiatives. And at this moment, it is completely unclear when the final version will be ready to be agreed upon.

But from what it looks like, the parliament is eager to put ePrivacy into action, aiming for full implementation together with the GDPR in May 2018.

Which is actually the second problem with ePrivacy that we see, namely: timing.

With the final regulation not even close to being finished as of November 2017…

an unknown number of amendments still to be addressed…

and considering that GDPR was introduced with a grace period of *2 years* while having way less impact than ePrivacy...

...this timing seems pretty fantastic, even for EU standards.

However, that’s where ePrivacy is at right now, which is why we suggest getting familiar with it.

We will follow the development closely to see where ePrivacy is heading next. If you want to know more, do check out the links in the description and follow this channel for updates.

Our website is This is the Digital Advertising Update. Until next time.

Show more Hide transcript
Get in touch if you have any questions: [email protected]