Twitter

For up-to-date news and views, follow our legal team on Twitter. 


twitter logo

 

Press enquiries

For press enquiries please contact:

Felicity McClintock

T: 01242 514000
E:
 felicity.mcclintock@willans.co.uk

What businesses need to know about the proposed E-Privacy Regulation

There has been a lot of talk recently about the General Data Protection Regulation (GDPR), but not so much about the new proposed E-Privacy Regulation (EPR), the breach of which will carry the same significant fines as that of the GDPR.

The EPR is intended to replace the existing E-Privacy Directive, which deals with the protection of personal data in electronic communications, for example when using cookies, sending unsolicited marketing emails, and online monitoring. It is intended to bring this area of law up-to-date with the e-privacy laws contained in the GDPR.

The European Commission is planning for the EPR to be implemented on 25 May 2018 (alongside the GDPR). As we will still be a part of Europe then, it will apply directly to the UK. The regulation is in draft form, so it may change before being implemented. It may also be delayed, however if the implementation date is after Brexit, the UK will no doubt adopt very similar laws.

The new EPR will carry the same maximum fines as under the GDPR, which can be up to 4% of annual worldwide turnover of the preceding financial year or 20 million euros (whichever is greater). Businesses that use such electronic communications should therefore be aware of the new proposed regulations and start preparing for them now.

So what are the key changes in the draft E-Privacy Regulation?

  • The regulation will have a wider scope than the existing directive and includes all types of electronic communications service providers such as Skype and WhatsApp.
  • All electronic communications must be confidential, and user consent is required for the listening, intercepting, scanning and storing of electronic communications.
  • Content and metadata will need to be anonymised or deleted if users have not given consent, unless they are required for certain purposes such as billing.
  • Users must give their consent before any unsolicited commercial communications can be sent to them. However, the current ‘soft opt-in’ rule for electronic mail is maintained.
  • The regulation requires providers of browsers and similar software to offer built-in settings which mean that the use of cookie banners may no longer be needed. Cookies that enhance the website user’s experience and ensure that it functions properly will not require consent.

Caroline Leviss is an associate, solicitor in our corporate & commercial team. She advises directors, partnerships, SMEs, sole traders and national companies on the full range of corporate and commercial work. She has extensive experience, including mergers and acquisitions, company reorganisations, banking, venture capital and joint ventures, and is noted for her "calm and robust position under pressure".

Caroline Leviss
Caroline Leviss
.(JavaScript must be enabled to view this email address)