Feature
LEGISLATION
Cookie cutters Last year’s reform of Europe’s data protection regulations is soon to be extended to electronic communications, including those governing website cookies and marketing emails BY JAMES CASTRO-EDWARDS
D
ata protection law is in a state of change. After years of negotiation, the General Data Protection Regulation (GDPR) finally took effect on May 25, 2018, to unprecedented publicity for a piece of legislation. Few UK citizens between the ages of 16 and 60 with access to a computer or smartphone will have escaped the bombardment of emails, asking them to “re-consent” to staying in touch, purportedly to comply with the GDPR. However, the GDPR is not the only area of data protection reform. The legislation that governs certain aspects of electronic communications (including the unsolicited marketing emails that were the subject of the requests to “re-consent”) has also been the subject of review. The European Commission (EC) had originally intended for the ePrivacy Regulation (the ePR) to take effect at the same time as the GDPR. The ePR currently remains a work in progress, but, when it does become law, businesses will need to be prepared for the changes that it will introduce.
The most broadly applicable changes concern the use of cookies, and unsolicited direct marketing
Electronic communications The ePR is a draft piece of legislation proposed by the EC which is intended to update the law governing certain aspects of electronic communications networks and services. The new regulation would replace
24
Enterprise Risk
