It’s no secret that GDPR and ePrivacy has been an important topic over the last year, with everyone from multi-national corporations to freelancers working to make sure they’re dealing with data in a compliant way.
Despite all of our efforts, things could become even tricker over the next 12 months, thanks to additional restrictions and requirements in the form of the ePrivacy Regulation (ePR).
This is set to be the next stepping-stone in the EU’s journey towards establishing what it calls a Single Digital Market and will come into force throughout Europe in 2019.
What, and who, are driving these ePrivacy changes?
Well, you could be forgiven for thinking that the relationship between privacy laws and electronic communications is still in its infancy.
In fact, it’s quite the opposite.
Back in 2002 the European Commission (EC) published the ePrivacy Directive (ePD), which was referred to amongst industry professionals as the infamous ‘Cookie Law’ (aptly named after its most noticeable impact – the requirement for websites to display cookie notifications to all users).
However, given that the size, scope, functionality and availability of the internet have all grown exponentially in the fifteen years, there is no doubt that this piece of legislation has become utterly inadequate.
To this end, in January 2017 the EC published an initial draft of the ePR in which they set out their proposed legislative changes and articulated their target of being able to help people keep pace with technological and cultural developments.
Now, two years and multiple re-drafts later, we are faced with the imminent introduction of the ePrivacy Regulation.
What are the implications of this change for professionals operating within the EU?
Recent studies have revealed that organisations involved with IT security and software development, as well as brands seeking to expand their online presence, have the greatest reliance on the support of freelance workers. And that, coincidentally, it is these sectors that depend on electronic means of communication in order to operate effectively.
Taken together, this means that freelancers are likely to feel the impact of the ePR directly…
But what steps can the growing network of freelance workers take to ensure that they comply with their new obligations when they come into effect?
- First and foremost, it is vital that freelancers educate themselves on the proposed changes that are to be introduced as a result of the ePR.
This is because, whereas employees with permanent contracts tend to be sheltered by the responsibilities of their employers, freelance workers often find that they are left to protect themselves.
- Freelancers need be aware of the fact that the new legislation will be a regulation whereas the previous rules were contained within a directive.
Although this renaming may appear to be nothing more than a technicality, it actually signals a dramatic alteration in the scope of the law. Unlike directives, regulations are legal obligations. This means that compliance is not optional and any infractions are subject to a range of penalties.
- Freelancers who offer their services to companies seeking support with their digital marketing campaigns are encouraged to pay particular attention to these proposals.
This is because, as is widely appreciated amongst those working within the industry, a huge number of the tools used by digital marketers require cookies to operate effectively.
- Freelancers are encouraged to be proactive.
Be proactive in the sense that you need to protect yourself, your business, and your clients.
In reality, many freelancers will be so busy carrying out work for their clients that compliance may take a back-seat. However, as we saw with GDPR, businesses are much more eager to work with freelancers who have taken the necessary steps and can demonstrate their compliance.
Initially this can come in the form of having policies and draft agreements in place that detail how you will use any data shared by the client.
However this is also an opportunity for freelancers to think strategically about their client campaigns, particularly in the marketing industry.
By thinking about the ways in which cookies can be of benefit to end users (for example through making adverts more relevant, enabling autofill on web-forms or remembering the saved items in a person’s shopping cart), we can clearly and persuasively communicate to users why they should actively opt-in to cookies.
Unfortunately (albeit predictably), the European Commission is yet to finalise many of the finer details within the ePR.
But if GDPR taught us anything, it’s that getting a head start is vital, so beginning a compliance plan now could be of huge benefit in the future.
Accepting this, the most pragmatic advice on offer for freelancers seeking to meet the requirements detailed in the ePR is to closely monitor the proposal as it progresses through the European Parliament so that when it does come into effect, we are best positioned to make any necessary changes.