The E-Privacy Regulation: What does it mean for your business?24 Jul 2017
In recent years, the world of communications has changed dramatically. There are now a range of ways with which we communicate electronically every day – including WhatsApp, Viber, IMessage and Skype – which did not exist at all a few years ago. Our willingness to embrace new technology and our demand for instant communications has therefore left the current law in this area out of date.
As such, the European Commission has proposed a new draft Regulation to deal with this change. As this is a Regulation, it will be directly applicable in all EU member states. Like the GDPR, the E-Privacy Regulation is due to enter force by 25 May 2018 so, despite Brexit, this is something businesses still need to care about.
Who does it apply to?
Similarly to the GDPR, the Regulation applies to all electronic communication services provided to end users resident in the EU (whether paid for or not). This means that the Regulation will apply to non-EU companies if users within the EU make use of their communication services.
What are the key changes?
- All electronic communications are confidential and any interference in electronic communications without consent (for the meaning of consent, see below) is now prohibited.
- Information regarding the timing, location and duration of a call or message and any browsing history needs to be anonymised or deleted if retention consent hasn’t been provided by the individual, unless the data is required for a set and justifiable purpose e.g. billing.
- Prohibition on accessing information held by the user’s electronic equipment, e.g. a tablet or mobile phone. If the provider wants to access such information, consent will be required.
- In respect of e-marketing, the current protections remain mainly the same. A new rule means that marketing callers may not block their caller ID or, if they do block such ID, they must still use an identifying number.
What are the penalties for non-compliance?
Failure to comply with the Regulation could result in eye watering fines of up to €20,000,000 or 4% of annual worldwide turnover (whichever is higher).
For the purpose of the Regulation, consent means the same as under the GDPR, and must be “freely given, specific, informed and unambiguous”. This is a high threshold that can be difficult to achieve.
It is important that businesses begin reviewing the scope of their e-communications and marketing activities and determine whether any of the changes to be introduced by the Regulation will affect their business. As the potential penalties for failure to comply with the Regulation are high, businesses should begin preparation for the changes to be introduced by the Regulation as early as possible.
If you would like further information in respect of this, please contact us or call James Wall on 0161 838 7996.