Cookie regulation in the EU is the most robust data privacy system globally, requiring users’ express agreement before cookies may be enabled on your website, along with the General Data Protection Regulation (GDPR).
Learn about EU cookie regulation (ePrivacy Directive) and consent management software (CMP) that can help your website automatically comply with all the requirements.
Directive to Regulation on EU Privacy
Is there a reason for this, and how does this new ePrivacy Regulation vary from current one? As the first point of distinction, the newcomer is referred to as an ePrivacy Regulation rather than an ePrivacy Directive.
To put it simply, the new ePrivacy Regulations become self-executing and then become legally enforceable throughout the EU. In contrast, its predecessor—the ePrivacy Directive—needed local rules for implementation, which resulted in a lack of uniform enforcement.
This is why the new ePrivacy Regulation supports the GDPR and, like the GDPR, aims for consistency throughout the single digital marketplace as a Regulation rather than a Directive, as well as “improving” the present so-called “cookie regulation” and including new kinds of electronic communication (IoT and more).
The GDPR, as well as the Privacy Regulation, have more Points of Contact than that
When it comes to the EU’s GDPR, the ePrivacy Act is the lex specialis. “Principe lex specialis derogat legi generali,” or “principle lex specialis derogat legi generali,” is an underlying legal concept that states that the lex specialis (ePrivacy Regulation) trumps the lex generali, which is the GDPR (personal data security in general).
There is a new set of regulations controlling the free movement of NON-personal information in the EU, which even the European Commission proposed in October 2017, alongside the GDPR and the ePrivacy Regulation, as part of EU data protection framework reform.
What Will Be Different About the Privacy Regulation?
Several improvements have been made to the EU’s ePrivacy Directive due to this new Regulation.
We don’t know when the privacy Regulation will be published or implemented. Still, we don’t expect it to happen anytime soon, given the following facts: One, the EU Parliament’s plenary adopted the altered suggested language as a part of Lauristin’s report at the end of October 2017; and two, there are differing views between the EU Parliament draught “as it is accepted” and the EU Council draught.
On October 19th, 2017, the LIBE Committee approved an amended version of the proposed text, which included several new stipulations regarding cookies or other Internet and digital communications service and provider impacts. In a plenary session, the EU Parliament then approved the amended text.
The European Union’s Privacy Directive and Cookies
Even though the ePrivacy Regulation has been referred to as the “cookie legislation” by some, it’s much more than that. There is a lot of change in the works when it comes to cookies and cookie permission.
The ePrivacy Regulation focuses on making cookie consent more “user-friendly” by simplifying the regulations.
Simply Yes or No to These Two Simple Cookie Rules:
Cookies and other ‘identifiers’ may be accepted or rejected by website visitors via browser settings, according to the current plan.
You will see more and more websites that present pop-ups stating “sorry, no visit if no cookies,” like we now see with ad blockers if you use chrome browser for cookie consent/refusal. In most cases, if the site does not worry about cookies, one pop-up will be replaced by another one on the site level.
As you will see in the paragraph that follows, this is a common issue among delegates and a good starting point for discussion: the possibility that the cookie technique may fall short of its intended outcome. However, the legislators have addressed the problem of making some of the most contentious judgments in the internet media sector.
In the proposal, “non-privacy invasive cookies” that enhance the user’s Internet experience are not required to get permission.
A few examples are cookies used in e-commerce, cookies for Google Analytics, and cookies for remembering shopping cart histories, to name a few. Using cookies for internet ads isn’t likely to improve the Internet experience, but that doesn’t mean it won’t happen.
It is Not Easy to Advertise and Market Cookies:
Of course, there is still work to be done, including consultations with different stakeholders, including those in the advertising industry, to produce the draft language.
First- and third-party cookies (“the backbone of digital advertising”) are discussed in detail in Deloitte’s 432-page study for the European Commission.
There is no need to tell you how many cookies we’re dealing with in terms of marketing automation, viewer measurement, connected datasets of 3rd cookies (e.g., enabling retargeting, to name something still reasonably straightforward), social media network cookies, analytics cookies, etc. on.
According to the so-called “Cookie Sweep” in 2014, the average number of cookies on the evaluated media, public sector, or e-commerce sites (in the EU) was roughly 28.9, with 70% of those cookies being third-party cookies in the Deloitte study.
When Is the Eprivacy Regulation Going into Effect?
Because the February draft of the ePrivacy Regulation is still merely a recommendation from the EU Council, no timetable has been set for its implementation. Twenty days following the Regulation’s publishing in the EU State Journal, the ePrivacy Regulation would take force and begin to apply two years later.
Although the trialogue talks may go many various paths, it is difficult to predict when the ePrivacy Regulation will occur. Several EU countries are demanding stricter data privacy measures already included in the present drought.
Electronic communications on public networks and services in the European Union will be governed by the EU Council’s ePrivacy Regulation 2021 if it is adopted. While cookies & trackers used on websites are not a strong focus of the ePrivacy Regulations, they are covered. They would need express agreement from users to be enabled on your website, as the GDPR currently demands.