So, your organisation has just about got to grips with the GDPR. But what about its 'forgotten sibling' the ePR?
The ePR is the ePrivacy Regulation (of course you know by now that GDPR stands for the General Data Protection Regulation (EU) 2016/679). The ePR will repeal the EU Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) and will have direct effect across all EU Member States.
This article outlines the likely impact of the ePR on electronic marketing communications.
What does the ePR cover?
The ePR defines "direct marketing communications" as:
any form of advertising, whether written or oral, sent or presented to one or more identified or identifiable end-users of electronic communications services, including the use of automated calling and communication systems with or without human interaction, electronic mail message, SMS, etc.
How does the ePR work with the GDPR?
The ePR will work alongside the GDPR. The GDPR applies to the processing and storage of personal data whereas the ePR will apply to any organisation that provides any form of online communication service, uses online tracking technology or engages in electronic direct marketing.
What are the impacts of the ePR on electronic marketing communications?
Cold calls getting warmer
From the draft of the ePR it is clear that when it does come into effect there will be a direct requirement that all marketing calls from any organisation will need to have a recognisable prefix in order to let individuals know that it is a marketing call. The recognisable prefix will allow the individual to make free and fully informed decisions whether or not to consent to receiving marketing calls. The required prefix has still not yet been determined.
Over the top communications go under the red tape
Over the top communications, which include instant and social media messaging services (such as Snapchat and WhatsApp) and voice over internet protocol providers (such as Skype) will fall under the same EU laws as telephone calls, email communications and SMS messages. Under the ePR, all online communication providers will now be required to provide the same level of data security for customers as traditional telecommunication providers.
Opt out/Soft opt in
The GDPR requires a positive action (i.e. opt in only) to constitute consent. However, the ePR allows for a "soft opt in" option in certain circumstances for marketing. Soft opt in applies where an individual has a purchased a good or service quite recently from an organisation and did not opt out to receiving messages about similar products or services. This only applies where the organisation:
- obtains the electronic contact details during the sale of goods or services;
- only promotes its own similar goods or services; and
- gives the individual the opportunity to object to each communication.
How to prepare for EPR?
Any organisation that sends electronic messages to individuals to promote their activities or services will need to ensure that sufficient information is provided regarding use of individuals' data for such purposes. If you have any questions around your electronic direct marketing activities, please get in touch.