GDPR isn’t the only new data law marketers need to get their head around

Marketers need to spare some thought for the proposed revision to the EU ePrivacy directive that could have a big impact on cookies and targeted online ads, according to the World Federation of Advertisers’ Catherine Armitage.


Right now, GDPR is hot. There are just four-and-a-bit months to go and panic is setting in as many start to realise the implications of the new systems they should have been working on for the last two years.

But today’s intense focus on GDPR is potentially overshadowing another, perhaps equally important, debate bubbling up in Brussels. One that could have just as much of an impact on marketers: ePrivacy.

The current ePrivacy directive, which came into force in 2012, is responsible for all those annoying banners you get whenever you visit a website for the first time.

Typical cookie banners read as follows: “By continuing to use this site you consent to the use of cookies on your device as described in our cookie policy. You can change your cookie settings at any time.”

However, the rules are now regarded as pretty ineffective, even by the European Commission – as many countries have simply required websites to run cookie banners.

As part of the process of revision, three different bodies will publish draft versions of what they would like the updated ePrivacy regulation to look like before trying to reach a compromise.

So far, two draft texts have been published: the European Commission’s and the European Parliament’s. National governments in all 28 European countries (including the UK) are currently in discussions to agree what their draft text should say, although this could take another six months.

However, the drafts that have currently been published – if unchanged – could have a significant impact on the use of cookies and other tracking technologies that are widely used to target and deliver online advertising.

In particular, there are two key issues for marketers:

No permission, no tracking – One of the major focuses of the revision is ensuring that, in the future, people provide opt-in consent for cookies or other types of tracking technologies. This has implications for online advertising.

1) If lots of people choose not to opt in, this could massively reduce the ability of programmatic advertising to reach specific audience segments.

2)  This could mean that advertisers have to think about shifting their digital ad spend into the small number of channels such as Google and Facebook that can continue to leverage user data via consent as part of the log-in process. This would reduce the pool of publishers and potentially drive up costs as data comes at a premium.

3) This could also affect tracking that is used to develop more personalised and tailored experiences on brands’ digital platforms. Although the draft texts include some exceptions, for example tracking necessary to provide the service, the user experience could be impacted.

Consent gatekeepers – Policymakers have proposed that all consent requests should be centralised within the privacy settings of the software being used, rather than via pop-up banners on every website. What this means is that the first time a piece of software is downloaded, a user would have to choose whether or not to accept tracking on all websites.

This means that getting consent to track online browsing habits will fall into the hands of four companies, representing 90% of the browser market: Google (Chrome), Apple (Safari), Mozilla (Firefox) and Microsoft (Edge).

1) Some of these companies are also active players in the online advertising industry and that could limit advertiser leverage in negotiations.

2) This process shifts the consumer’s decision to an ‘all or nothing’ swipe during an installation process, leaving no room for an effective value exchange related to an individual brand.

The argument against  some of the draft texts is that many of the stated goals could be met through GDPR. Come May there will be new wide-reaching rules on how people’s information can be collected and processed by companies, including for online advertising.

The introduction of these rules is likely to have a significant impact on how data is collected for programmatic and other types of digital advertising. In fact, it might even solve the ‘cookie problem’ before the ePrivacy revision is finished.

The WFA has been posing a number of critical questions to policy-makers as they embark on the next round of discussions. Right now, none of the changes are set in stone and marketers still have the opportunity to make their concerns known.

It may be wise to put GDPR aside for a moment to register your concerns about ePrivacy.

Catherine Armitage is the WFA’s senior public affairs manager in charge of Digital Governance Exchange.