On April 27, 2016, the European Union’s General Data Protection Regulation (GDPR) was adopted and triggered the start of a two-year countdown towards its enforcement date on May 25, 2018.
During these two years, all companies that collect data about European citizens and residents have to make a number of changes to their current policies and agreements with their partners to ensure they comply with the rules outlined in the GDPR.
In addition, there’s also the ePrivacy regulation, which is still in the process of being negotiated in a trialogue involving the three legislative European Union institutions.
As online advertising and marketing companies collect vast amounts of user data every day, both the GDPR and ePrivacy will have a substantial impact on their business operations.
Ask us anything about the technical side of the GDPR
Much has been written about the GDPR and ePrivacy as well as the legal requirements online advertising and marketing companies must meet in order to become compliant, and rightly so.
However, as the online advertising and marketing industries are powered by technological platforms and processes, the GDPR and ePrivacy will require companies to make changes to the way their AdTech and MarTech platforms operate to comply with these two regulations and adhere to their newly updated policies.
In our free guide, we outline the main areas of the GDPR and ePrivacy regulations that will have a direct effect on the online advertising and marketing ecosystem and explain what it means from a technical perspective for AdTech and MarTech companies.
Click here to view the table of contents and download your free copy!
What is the GDPR?
The General Data Protection Regulation (GDPR), or Regulation (EU) 2016/679 as it’s known in official contexts, is a regulation spearheaded by the three legislative European Union institutions: the European Parliament, European Commission, and Council of the European Union.
It will replace the current Data Protection Directive (Directive 95/46/EC) when it comes into force on May 25, 2018.
The goal of the GDPR is to return control to data subjects in the union over their data and make the regulatory environment simpler for international business.
What is ePrivacy?
The ePrivacy directive is a piece of EU legislation that also aims to protect the data and privacy of EU and EEA citizens and residents, but with a focus on respecting their private lives when using electronic communications.
Within the online advertising and marketing industries, the current ePrivacy directive is often conversationally referred to as the cookie law because it regulates the usage of cookies, among other identifiers. However, it relates to the protection of privacy in the electronic-communications sector as a whole, not just the usage of cookies for online advertising and marketing.
Currently, ePrivacy is a directive, but is in the process of being transformed into a regulation, which will also repeal the current directive.
It is not known when the ePrivacy regulation will come into force, as the proposal is being negotiated between the three EU legislative institutions (see below). Some within the industry say that it will likely be enforced around the same time as the GDPR — May 25, 2018 — while others see a late-2018 commencement date.
Given that it is still in progress, the final version of the ePrivacy regulation may still affect how AdTech and MarTech platforms interact with online identifiers based on the GDPR itself and the current state of ePrivacy.
What’s the Difference Between the GDPR and ePrivacy?
Both the GDPR and ePrivacy are based on Articles of the EU Charter of Fundamental Rights, a document containing the rights and freedoms protected in the EU.
The GDPR is based on Article 8 and relates to the protection of personal data, whereas ePrivacy is based on Article 7 and relates to respect for private life.
In simple terms, the GDPR is focused on data protection, and ePrivacy is focused on the right to respect a data subject’s private and family life, home, and communications.
Also, ePrivacy is lex specialis of the GDPR, meaning that when the two regulations cover the same situation, ePrivacy will override the GDPR.
Download our free GDPR & ePrivacy guide for AdTech/MarTech companies to continue reading…