Page 119 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
P. 119

Six Essential Questions About “ePrivacy”


            by Alex van der Wolk, Privacy + Data Security Group Global Co-Chair, Morrison & Foerster





            In the realm of privacy and personal data, 2018, thus far, has been all about the General Data Protection
            Regulation (GDPR). We have seen more talk about consent, privacy notices, access requests and data
            protection officers in this year than we’ve seen in the last decade. For many, the GDPR has meant a
            substantial investment and reform of their business practices. I would love to say that that’s it, but the
            truth unfortunately is that there is a tail to the privacy reform which not everyone may be aware of. That
            tail is the new EU ePrivacy Regulation that governs certain forms of marketing and the use of cookies
            and other online technologies. Here are six things everyone should be aware of.



             1.  What  is  this  ePrivacy  all  about?  Unlike GDPR,  which  regulates  everything  that  has  to  do  with
            personal  information,  ePrivacy  has  a  more  narrow,  yet  more  specific  scope  of  application.  ePrivacy
            regulates  certain  forms  of  digital  marketing,  such  as  email,  but  also  SMS  and  soon  possibly  also
            marketing via messenger services such as Whatsapp. But that’s not all. All the cookie pop-ups you’ve
            been seeing on websites over the years? That’s also ePrivacy. And in that domain the requirements are
            to be expanded also (think device fingerprinting, pixel (re)targeting and any other technology facilitating
            online tracking and conversion). And then there’s a new area ePrivacy is set to regulate, namely where
            digital marketing intersects with “brick and mortar”, such as beacon advertizing, wifi tracking, bluetooth
            marketing – technologies that rely on the proximity of devices.



             2. But doesn’t GDPR already cover all of this? Well, yes and no. The title ePrivacy may be a bit off-
            setting here. Unlike GDPR, which applies to anything that has to do with personal information (regardless
            of the technology used), ePrivacy rather regards just the technology. In fact, for ePrivacy, it doesn’t really
            matter whether personal information is at stake or not. The mere use of a covered technology may already
            qualify you for ePrivacy applicability. This also highlights the real tricky part about all of this: it is very well
            possible that ePrivacy and GDPR apply both at the same time. If you engage certain technology that is
            covered by ePrivacy AND that use also involves personal information, you may have to comply with both
            ePrivacy and GDPR.







                                 119
   114   115   116   117   118   119   120   121   122   123   124