ePrivacy, Insights

Update on EU’s ePrivacy and Data Protection Directives 2018: Digital Advertisers, It’s Time to Get Ready!

From 25th May 2018, there will be a new law introduced in Europe which will cause a headache for many digital marketers: The use of cookies will be significantly tightened to protect consumer data and privacy. However, cookies form the technical basis for precise targeting in digital advertising. We reported about the possible implications some time ago – time for an update!


The European Union has presented a stricter programme for data protection across Europe with the General Data Protection Regulation (GDPR) and the revised ePrivacy Directive. Especially in times of extreme data leaks and cyber attacks, there is no objection to be raised against better protecting consumer data and privacy levels. Yet, the digital industry is still not sufficiently prepared for the new regulations which become valid from May 2018 onwards.


ePrivacy Directive Unsettles Digital Industry and Consumers


It was only in June that the second draft of the ePrivacy Directive was published. The new directive could even override the basics of digital marketing. Since then, a lot of industry representatives in Brussels have been seeking to put off the go-live date of the directive. As is well known, however, postponement doesn’t mean cancellation, and we’ve already seen how unyielding the European Union can be. This new second draft has been significantly tightened compared to the first version. So what is the core issue?


Consumers are to give their active consent to the use of cookies in the future. The passive use of cookies in the background, as is common practice today, is consequently no longer permitted. In response to the European Union’s data protection efforts, some browser manufacturers have already adapted their products. For example, in July, Mozilla introduced a new feature for private browsing. “Browse without a trace” is the promise and thus the browser industry becomes the gatekeeper for usage of consumer data in the form of cookies.


Blocking Cookies Cannot be a Sustainable Solution


What may be a nice gimmick from a browser provider’s point of view, with which they can display the attractiveness of their model compared to the competition, does not provide a satisfactory answer to the question: How can we deal with cookies in the future? Blocking the way is not a solution at all; it simply suppresses the problem, in the truest sense of the word. From the viewpoint of advertisers and publishers, cookies are essential. They form the basis for precise targeting. And even from a consumer point of view, cookies create added value that most would only see by taking a second look: Personalised advertising is relevant. It is arranged in terms of content, time and location according to the user’s context. To make this technically possible, the entire online industry has been investing heavily in digital advertising technology for many years.


Do we really want to make a U-turn and annoy consumers with flat, impersonalised and unappealing advertising messages? That would be the beginning of the end of digital advertising. What remains is just the utopia of an online world without advertising, yet this idea is naïve given the size of the advertising industry. In the US alone, approximately 120 billion dollars will be spent on online advertising by 2021. Digital advertising is an industry in itself and online business without advertising just does not work.


Check Compliance with ePrivacy Directive Now


Advertisers should not hope to postpone or diminish the ePrivacy Directive. This is why it’s now the time to take the necessary steps to ensure compliance with it. The focus should be on the technology used for digital advertising campaigns. If you have outsourced your ad servers to partners, consult with your technology partner using the following checklist. If you run your own ad server, the questions are of course just as applicable for your own organisation and the underlying technology.


  1. What user data is collected, processed, and, if necessary, shared when using the technology?
  2. Is the IP address of users also recorded and processed?
  3. Are user profiles created with the inclusion of personal data or the IP address?
  4. Where is the data processed?
  5. How long is the data stored?
  6. What is the legal basis for processing?
  7. Are affected users allowed to exercise their right to information, their right to have data deleted and have a possibility to appeal?
  8. What organisational and technical measures have been taken concerning data protection?
  9. The ePrivacy Directive makes provisions for technical design and default privacy settings such as ‘privacy by design’ and ‘privacy by default’. Have the appropriate measures been set or are they set to come into force?


The bottom line: The new EU legislation on data protection requires a more stringent handling of consumer data. Even if the precise details of the ePrivacy Directive have not yet been finalised, advertisers should start preparations now for the new legislation. Using our checklist, you can create an initial overview and review the compliance level. If you have any further questions, please do not hesitate to contact me as a data protection officer at adverserve – just send me an email!

Voriger Beitrag Nächster Beitrag

Ähnliche Beiträge

No Comments

Leave a Reply