The ePrivacy Regulation

[Arzina3225]

On May 25, 2018, the current privacy law Personal Data Protection Act (Wbp) will be replaced by the GDPR (General Data Protection Regulation). This law applies to all European countries. The Dutch version, the General Data Protection Regulation (AVG), was already introduced in 2016 and will be strictly enforced by the Dutch Data Protection Authority from May 25, 2018. Our first article in the GDPR/AVG series already described what this means in broad terms for the organization and what you should pay attention to as a digital marketer. In this part I will discuss what the GDPR/AVG specifically means for digital analytics .


Situation before GDPR
In 2015, the 'cookie law' was relaxed and the user gives permission for the placement of, among other things, remarketing cookies by using the website. You must then state this in a cookie bar and the privacy regulation must meet certain conditions. One of these conditions was to state where people could delete cookies and which cookies were placed. You had to describe what the cookies were placed for, by whom and when they were automatically deleted again.

So there was no absolute necessity for the visitor to give explicit permission. Simply by navigating to a next page, for example, you as a visitor already gave permission to place the cookies in your browser.


In most cases, a consequence of the GDPR is that the user must give explicit consent. In addition to the GDPR, there will be an additional legislation, called the ePrivacy Regulation. This replaces the current 'cookie law' and indicates how the GDPR should be interpreted, so that there is more clarity about how the opt-ins are collected. This ePrivacy Regulation was supposed to start at the same time as the GDPR, but has been postponed by the European Parliament . When it will now come into effect is not yet clear. It is beyond dispute that the GDPR will come into effect on May 25, 2018. From that moment on, it will have an impact on how and what you are allowed to collect.

Situation as of May 25, 2018
Under the GDPR, explicit consent must brazil whatsapp number list be given for the collection of personal data. What falls under personal data has been tightened up with the GDPR. In addition to data that can be identified to a person (name and address details, but also IP address, location data with GPS), this also includes pseudo-anonymous data. Although these cannot be traced back to a natural person without additional information, they can be individualized. Examples of this include customer ID, user ID and hashed e-mail address.



If no form of profiling is applied and you only place cookies from your web analytics package (such as Google Analytics ), then the impact of the GDPR/AVG is quite manageable. By profiling I mean that you do not use any form of remarketing or personalization on the website or build interest profiles of your visitors.

The user (in this case the visitor of your website) does not have to give permission for you to place analytical cookies to measure the visit. As long as you do not collect personal data or pseudo-anonymous data with these cookies, no permission is required. It is important to know that you are not allowed to store IP addresses. This makes the location data in analytics less accurate and you can therefore no longer filter IP addresses to exclude the behavior on your website from a certain location (for example your own office).