ePrivacy Regulation Is Just Around The Corner…(aka Winter Is Coming!)

Compliance with GDPR has not been plain sailing and Compliance Compendium’s Gareth Gadd believes the ePrivacy regulations, which will launch later in the year, will be just as tough.

A study from IT Governance late last year revealed that 71 per cent of organisations were still not GDPR compliant.

Gareth Gadd said, “And if GDPR wasn’t difficult enough to get your head around, the regulatory environment is going to get tougher and much more complicated when the ePrivacy regulations (aka ePR) come along later this year. Actually, it should have become law when GDPR became law (aka The UK Data Protection Act 2018).

“Currently in the UK we have The Privacy and Electronic Communications (EU Directive) Regulations 2003 (aka PECR). The lobbyists have done a good job of holding ePR up, but they have only delayed the inevitable.”

PECR relates to methods of electronic communications such as emails, faxes, texts and phone calls; website cookies; the security of public electronic communication services; and the privacy of end users.

As with the previous UK Data Protection Act, enforcement and fines under PECR have been fairly light, but ePR is likely to increase this. Gadd stated that ePR will extend the scope of PECR to include end-to-end privacy of data in transmission and of the metadata gathered. These regulations will operate in tandem but do not cover inter-company communications.

He added, “In practice this means that listening to calls, scanning of electronic messages, monitoring of visited websites, and the monitoring of interactions between users will breach the regulation. The main sorts of services affected will be Over-The-Top services (OTT’s) such as Voice Over IP (VOIP) like Skype, instant and social media message services (e.g. Facebook, WhatsApp etc.); cookies used for cross-selling and advertising with more user-oriented control; unsolicited communications; and the Internet of Things (aka The IoT).

“The penalties for breaching ePR will be the same as for breaching GDPR. And just in case you were wondering, yes it will be unaffected by Brexit because we want to maintain “adequacy” with EU regulation to be able to keep trading with the EU. Watch this space. Winter is coming…”

Copyright © 2018 RegTech Analyst
