The privacy landscape has experienced a remarkable shift in the past year. GDPR has led to a lot of questions and short-term fixes. This year the ePrivacy directive is on the doorstep, bringing more to cope with. But the most important trend isn’t legislation: privacy is becoming more of a subject to end-users. So what happened in field of digital analytics since the 25th of May? What can organisations do to improve the quality of data and customer experience? And what digital strategies and tactics can we use today and beyond?
GDPR and ePrivacy: The three differences you need to know
After months of waiting, the EU's General Data Protection Regulation (GDPR) went into effect on May 25, 2018, and user inboxes were flooded with emails alerting them of changes to company privacy policies. However, even though the world has (mostly) accepted GDPR and kept moving forward, that isn't the end of EU-privacy regulations for the tech industry.
On the heels of GDPR comes the ePrivacy regulation, a separate regulation that focuses on ensuring individual privacy as it relates to electronic communications. While the final draft of the ePrivacy regulation didn't make it out in time to release with GDPR, it is in the works and expected to release soon.
As such, it is important that companies understand the different ways in which the GDPR and ePrivacy regulations will affect their business. Here are the three differences that business leaders and professionals need to know.
1. ePrivacy specifically covers electronic communications
While the GDPR is the general regulation for personal data stored or used by a company, ePrivacy is lex specialis to GDPR when it comes to communications. What that means is that, when a dataprivacy issue is raised regarding communications, regulators will default to ePrivacy for that given instance. The two are meant to complement one another.
The ePrivacy regulation is an update to the standing ePrivacy Directive, which was originally put into place to guarantee "right to privacy in the electronic communication sector," according to the directive. The directive originally focused mainly on email and SMS messages, but the proposed regulation would also address dataprivacy in services like WhatsApp, Facebook Messenger, and Skype, along with Internet of Things (IoT) devices.
Additionally, the ePrivacy regulation will also protect metadata associated with electronic communications as well.
2. ePrivacy includes non-personal data
GDPR is laser-focused on the protection of personal data, but the ePrivacy regulation is focused more broadly on the confidentiality of communications, "which may also contain non-personal data and data related to a legal person," the proposal states.
The original ePrivacy Directive is often referred to as the "cookie law" because it imposed the need for informed consent before a firm could track an internet user with cookies. The regulation will add new clarifications and simplifications for the consent rule, along with other new tools for protecting against unwanted communication tracking and more.
3. They have different legal precedents
Both GDPR and the proposed ePrivacy regulation reflect similar aspects of privacy, but they do so from the perspective of different legal charters.
*Price incl. coffee/tea/water, lunch, snacks, afternoon drinks & bites, excl. VAT. Vaild until February 1st, 5:00 PM.