Draft of the EU ePrivacy Regulation Leaked

A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the Politico.eu website this week.

The proposal is for a much stricter regime, requiring prior consent for cookies and any kind of online tracking technique. Fines for failure to comply may reach as high as 4% of a company’s global revenues.

The proposed new instrument will be a directly applicable Regulation, and is intended to harmonize communications privacy rules with the wider GDPR. Unlike the GDPR, there will be only a 6-month lead-in period from the law being passed, which will not give much time for businesses to react.

The revised rules are particularly aimed at what the legislators call the “surreptitious monitoring” of online behavior, and will have a big impact on third-party cookies and tracking that enable often invisible companies to build up profiles of web users’ Internet activity.

There are some changes that will be welcomed by website owners, most notably that web analytics will be exempt from the requirement for consent.

A lot of emphasis is placed on encouraging web browsers to take a more active role in mediating consent to avoid the need for overly intrusive pop-ups, but this will rely on some significant changes to the way most browsers currently work – it remains to be seen whether they will be willing and able to take on such responsibilities. What is very likely, however, is that the Do Not Track setting in browsers will take on more significance than it has to date.

As with the GDPR, the new ePrivacy Regulation will have significant extraterritorial effects, and will require websites around the world to respect the rights of EU-based visitors.

So, what does this mean for website owners?

This is, of course, a draft, and we can expect much negotiation and lobbying, especially from the online advertising industry, before we get to a final text. What seems inevitable now is that big fines will mean the cost of getting cookie compliance wrong in the future will be much more significant.

It also appears to be inevitable that even with a solid cookie solution in place, website owners will need to take a closer look to ensure its compliance with these new rules.

Companies will also need to pay closer attention to ongoing monitoring of their sites in the future, making sure that they remain compliant with every change they introduce.

OneTrust is actively monitoring the situation, and making sure our clients are prepared for whatever the future for cookie compliance brings.
