The GDPR Handbook for Concerned Marketing Teams pt. 4: ePrivacy Regulation

So, now that we have the opt-in options on the table, let us dive into muddier waters. For the fourth post of the GDPR Handbook for Concerned Marketing Teams, we bring you the Proposal for an ePrivacy Regulation.

This is a game-changing regulation that focuses on the wellbeing of European Union’s online advertising landscape. Its intricacies are too much of a burden for us, so we resorted to ePrivacy’s CEO, Prof. Dr. Christoph Bauer, once again for some expert insights.

But let us give you some context before we dive too deep.


The Road So Far

The “recent” nature of online data collection brought with it a severe lack of regulation. That absence of control lays at the core of the EU’s decision to implement the GDPR.

The complexity of the subject is such that the European Commission built yet another set of rules regarding online data collection and processing: the Proposal for an ePrivacy Regulation. This proposition is missing approval but its enforcement is due to begin in May 25th 2018, just like the GDPR. It aims at replacing the ePrivacy Directive 2002/58/EC, which is fairly outdated.

But this Proposal for an ePrivacy Regulation raises new problems, the emergence of the matter being the smallest of them.

What’s the deal with the ePrivacy Regulation?

The Proposal for an ePrivacy Regulation clearly stands by the need for consent the GDPR already foresaw.

Where it deepens the GDPR assumptions is on its understanding of where to define the frontier for third-party cookie collection. While information on cookie issues is to be found on articles 8 and 9, recitals 21 to 24 focus on the tracking and third-party cookies issues. The proposed document goes as far as stating the decision on which cookies a company can collect should be set by the user at browser-level.

This means you decide whether or not a company can collect data about you even before you open their website, and while that ensures the end-user won’t be hassled by some companies, it also means he won’t be reached by those he would like to hear from. And this is only the beginning of the problem: if we move the needle from end-users to companies’ perspective, the problem is much more complex.

What do experts think of that?

We leave it to Prof. Dr. Christoph Bauer, from ePrivacy, to draw conclusions from these assumptions:

“This regulation would dramatically change the Internet like it works and is used now. Many publishers offer their content without separate remuneration, but in return ask the user for certain data, e.g. to optimize the distribution of advertising which finances the content. As it is not probable that users directly opt in for cookies, many publishers won’t be able to maintain their offerings. The same applies to technology providers that work with these data and an opt-out mechanism. For them as a third party it will hardly be possible to achieve the opt-in of the users. These providers will need to change their business model significantly and there is a danger that they will have to stop their businesses completely.”

This position is fairly widespread throughout the online advertising landscape, but debate is humongous and consensus is not within sight. Nonetheless, IAB Europe’s CEO Townsend Feehan agrees that the current draft would render online advertising nearly impossible.


Ongoing talks between the EU, advertising and people’s groups representatives are trying to find a common ground on the topic. The next meeting took place a few days ago, so stay tuned for more information on this subject.


This post is meant to showcase some information on the GDPR but it does not substitute for a legal team. Please make sure you have consulted with your legal department before taking any action regarding the implementation of this regulation.
2017-09-26T12:27:15+00:00 September 21st, 2017|Marketing|