The Updates to PECR are Real – But are they Realistic?
For the past two years, the marketing and media world (not just Europe) has been consumed by data regulations.
Training on GDPR has been set up across agencies and publishers, legal professionals have moved on from PPI claims to charging huge amounts for data protection advice and event companies have run some data privacy events so boring, that on a couple of occasions, it seemed BBC Four might take the concept and develop a TV series.
Whilst it is possible to jest, this was serious stuff – new rights were introduced for consumers online, as the Wild West of digital, found a new sheriff had moved into town.
Consumer affiliate networks felt the hit the most. Gone were the days when data could be resold to multiple partners with no clear view on where the data originated. GDPR said no, and with brands spending more on legal advice than ever before, very few found themselves taking the risk without some serious changes.
In B2B however very little changed. One of the six lawful bases for processing data is ‘Legitimate Interest’ and if you want more details on what this means then you can read about it on the ICO website here.
To put this in pretty simple terms in order to communicate with someone at a business, using business contact details it is reasonably simple to put together a case (there is actually something called a Legitimate Interest Assessment which from my experience very few bother to complete) to justify marketing to businesses via personal data.
For a while prior to GDPR Legitimate Interest was not mentioned. It wasn’t confirmed until shortly before the regulation became a legal requirement, and B2B marketers faced a fair bit of uncertainty.
Fast forward a year and the concern now is the replacement of the Privacy and Electronic Communications Regulation (PECR to the delight of school children everywhere) with a new e-Privacy Regulation to sit alongside GDPR. This one has B2B marketers a little more concerned as the Direct Marketing Association explain quite well below – again this is a good article to read in full if you’re new to this:
Under PECR direct marketing can be sent to employees working for corporates or public authorities without consent, on an opt-out basis. The new law would reverse this and align B2B marketing with B2C. Therefore, consent would be required for B2B marketing, no contact could be made without prior permission.
This would severely hamper the work of B2B marketers, who rely on prospecting to generate new business. It would also be anti-competitive as SME’s don’t have large amounts of customer data and therefore often rely on using third-party lists bought from a supplier. They then contact people without permission but offer them the chance to opt-out. SME’s would be at a disadvantage in comparison to large companies that already have large customer databases.
What this means, is that if enacted in the current proposed format, e-Privacy would shut down sales teams across Europe.
The data purchased for use by: B2B exhibition organisers, lead gen providers, magazine subscription teams etc. would all require explicit consent. Sales people wouldn’t be able to guess an email and send it over – CRM systems would need to show how consent was captured on each email – in short, this would cost companies billions and would help the largest data owners such as LinkedIn (Microsoft) or Google the most.
If we assume that whatever Europe decides in relation to data privacy, the UK government will enact regardless of Brexit (which is what the UK has always said previously) the above should be a concern.
And yet whilst I could be making a fool of myself here, I do not believe this stands a hope of being implemented in the current format. The costs to business and the disadvantage that would be placed upon European organisations would make this insane.
Whilst people voted for Brexit – there has been no referendum on data privacy. There is minimal political pressure compared with Brexit for pressure groups not to be able to force changes before this is enacted. Certainly too many senior business professionals sit in the House of Lords for this to not come under intense scrutiny prior to implementation.
As such I firmly sit in the camp that says the e-Privacy Regulation will be altered to ensure the rights of the individual are protected whilst ensuring businesses can remain competitive – much like GDPR was. If the changes to e-Privacy have been keeping you up at night, then I wouldn’t let them. And if you still can’t sleep I’d highly recommend you catch ‘James May’s Big Trouble in Model Britain’ available on BBC Four via iPlayer now.