GDPR latest: Brussels Gives Legal Reprieve to Marketing Data Users [@SmartInsights Alert]

Latest communications from the EU parliament suggest more leniency for marketers than expected

 

Importance: (For Marketers storing customer data)

Recommended source: DMA - EU DPR agreed

The authorities in Brussels responsible for the new EU data law have undertaken a U-turn on the proposed restrictive data law.

The latest official communiqué on dialogue between the EU Parliament, Council and Commission, the bodies responsible for the forthcoming new law, indicates that the current UK marketing data regulation will be the template for what is to come.

The previous official report of progress on the talks indicated that marketers would face draconian rules prohibiting the use of tracking data, with no profiling or segmentation without explicit consent. Now any data that cannot directly identify an individual is considered to be within the boundaries of use. However, in terms of profiling, consumers will have the right to opt out.

Whether online identifiers such as cookies fall into the definition of personal data depends on where they are placed in the online ecosystem. A cookie placed by an Internet service provider will be classified as personal data as it could identify the individual, but a cookie placed by an advertiser that cannot be linked to an email address or any other personal information is not likely to be presumed personal data. This represents a massive about-face by the European authorities.


In addition, consumer consent rules have been significantly eased. The previous report stated that opt-in permission would need to be based on consumers electing to receive messages on a given subject matter and through a given communications channel. According to the latest statement this is no more, and regulation will be more or less what we have now.

The trilogue responsible for deciding the new regulations – the EU Parliament, Commission and Council – has for the time being relented from its previous stance and put the interests of business, and in particular SMEs, first.

For direct marketers the previous stance of requiring consumers to agree to opt in to specific subjects and forms of communication before any messaging could take place has been replaced with consent needing to be ‘unambiguous’ as the key qualification.

Without the change in policy, the law would have ruled out any leeway to send messages on subjects unless they were agreed in advance and sent by a method also agreed. The key criterion for consent now is being clear in proposing that communication will take place, with an emphasis on transparency and plain language.

The policy change is based on the technicality of legitimate interest now being considered a reason for companies to use personal data for marketing purposes.

The revised draft of the law more or less mirrors existing UK rules regarding consent, though all opt-in terms and conditions will need to be rewritten. In addition, there are non-specific warnings that data users will have to abide by the law more rigidly and make careful assessments of relationships with individuals. Quite what this means, and how it will manifest itself, is unclear.


Punishment for breaches of the new law is proposed to be as high as 4 per cent of turnover, which for major corporations applies to global income.

There was also concern that companies would be forced to appoint internal data protection officers, but any thoughts of mandatory appointments for SMEs have gone. For larger companies, and those that specialise in processing data, such a position will be compulsory, though most within these two categories will already have a data protection officer.

There will be a right to be forgotten, and free access data provision, but the latter only applies in reasonable circumstances yet to be defined.

These two changes to the law may have the biggest impact for some companies. The right to be forgotten involves creating an easily recognisable way of requesting that personal information be erased, and the request will have to be acted upon promptly. For most companies this will involve creating a new data protocol, and many CRM systems do not have an erase facility. Software changes may have to be made.

Access data will be free rather than the £10 that can currently be charged. For major users of consumer data, such as financial companies, providing members of the public with details of their data files could add up to be an expensive procedure.

The latest announcement from Brussels is a great deal more business friendly than the previous one, but it is too early to assume the situation will not change again. Although unlikely at this late stage in developments, there is no guarantee until full publication of the regulations at the end of March. The European Parliament, which was the member of the trilogue to put forward the most rigid terms, has yet to vote, and there is an unlikely possibility it could veto four years of discussion.

Share your thoughts

  • Also, “consumer consent rules have been significantly eased”. I entirely disagree. You say: “the previous stance of requiring … opt in … has been replaced with consent needing to be ‘unambiguous’”.

    You may wish to read recitals 25, 30, 32, 34, 48 and 51; and articles 7, 14, 17a, 19, 22 and 23.

  • About your “massive about face” comment: If a cookie isn’t linked to an identifiable person, it’s not an online identifier. A cookie may be an online identifier and an online identifier may be a cookie. But all cookies aren’t online identifiers; so the rules haven’t changed at all in that regard. They’ve just been clarified for those who didn’t understand the distinction.

    Do you disagree?

  • Anastasios Dionysiou commented on January 26, 2016

    More than 90% of Europeans say they want the same data protection rights across the EU, regardless of where their data is processed.

    The Reform package will put an end to the patchwork of data protection rules that currently exists in the EU.

    According to the European Commission’s press release dated 15 December 2015, the final texts will be formally adopted at the beginning of 2016 pending political agreement between the European Parliament, the European Council and the European Commission (Trilogue).

    We must keep in mind that companies based outside of Europe will have to apply the same rules when offering services in the EU. In case of non-compliance penalties will be severe.

    The regulation will take effect after a two-year transition period and, unlike a Directive it does not require any enabling legislation to be passed by governments (except if data is processed for national security purposes). So do keep in mind that the new rules will become applicable two years thereafter (i.e. enforcement to start in Spring 2018).

    During this two-year transition phase, the European Commission will inform citizens about their rights and companies about their obligations.

    More information may be found here: http://ec.europa.eu/justice/data-protection/

    • Thanks for extra information Anastasios. It is key to note, as you rightly do, that the law will also have to apply the same rules when offering services in the EU. The GDPR will have global ramifications.

  • Good to see you at my workshop Dene yesterday at Brand Exchange. We need to await the publication of the GDPR in the wake of the vote of the European Parliament second reading. Once this has taken place I will be writing the next blog in the series on GDPR.
