Strictly Private: The ABCs of CDP and ePR

October 19, 2018

Last May, when Europe’s GDPR law went into effect, it was clear the rules of customer engagement would change significantly for consumers, and for companies both in the EU and for those outside whose customer engagement included sales within Europe. But GDPR, which obligates companies to protect the privacy of personal data and adhere to consumer preferences for engagement, was not intended to be the whole story on ensuring consumer privacy. A second, even larger regulation, ePrivacy, was planned to become law along with GDPR, but has been delayed in a prolonged editing process and it currently exists as the EU’s ePrivacy Directive.

This is due to change, and while a firm date has not been set for ePrivacy Regulation to become law, many believe it will do so before the end of 2020. According to Matthias de Bruyne, legal counsel for the Data Driven Marketing Association (DDMA) in Amsterdam, “the legislation currently sits with the Council of the European Commission and there’s a lot of pressure right now from those who have been working on it for the Council to reach an agreement by December, so it can go into trilogue with the European Commission and European Parliament and finalize the law by April before the European Parliament’s elections.”

As with GDPR, companies will be given a grace period to comply with ePrivacy regulation, but will need to prepare well ahead to ensure they are in compliance on the allotted time schedule. “Right now,” de Bruyne explains, “the ePrivacy Directive allows a lot of interpretation and countries have their own implementation of the ePrivacy rules – for example Germany and the Netherlands are very strict, whereas other countries such as Ireland, are much less so.  As a result an organization can currently look for the minimum standard in each member state as opposed to having to adhere to an EU-wide standard. After the ePrivacy Regulation enters into force, the differences will be much smaller, so there will be less to choose.”

ePrivacy, which has been called the “Cookie Law,” will extend beyond regulating the direct relationship companies have with their customers by regulating further how all EU consumers can be marketed to, including via advertising, telemarketing, email, and social media.

Compliance with this will mean ensuring that companies must have a clear picture of the state of their customer data, ways to ensure their data is consistent and up to date, and an ongoing knowledge of consumer preferences as they evolve. Customer Data Platforms are well positioned to take a lead helping to ensure that is possible.

According to MarTech Advisor, “there are two laws because they are derived from two different rights in the European Charter of Human Rights….The GDPR covers the right to protection of personal data, while the ePrivacy Regulation encompasses a person’s right to a private life, including confidentiality.” IAB Europe, in its FAQ on ePrivacy states the regulation would “introduce rules allowing users to set general privacy preferences in their browsers and other software, which would be binding on and enforceable against any other person.” Additionally, as Pravin Kothari, CEO of CipherCloud states in CMSWire, “the regulation is expected to include specific language ‘with respect to the confidentiality of communications data such that listening, observing or monitoring a user specifically on a website is prohibited.’”

According to CMSWire, experts advise companies to, “take inventory of your current data, work with the teams that have the best insight on data infrastructure and finally adopt a data-privacy program that adheres to the most strict laws…. Andrew Frank, vice president distinguished analyst for Gartner for Marketing Leaders, said in the same article, “Trying to keep up with different privacy laws on a case-by-case basis will be a nightmare to try to stay on top of for marketers. It becomes much more costly and risky to try to maintain a hodgepodge of separate privacy policies rather than have one global policy that works everywhere.”

The CDP Institute recognizes this a very important and evolving area, so welcomes input from readers, and we will continue to explore ePrivacy and GDPR topics as they relate to CDP technology and use.