It’s been a busy week for the European Union’s oversight of big tech and digital advertising. On Thursday the European Council, European Parliament, and European Commission held their final, nearly eight hour long, trilogue on the proposed Digital Markets Act, settling on a final deal. Then on Friday, the European Commission announced a provisional deal with the US to allow continued data flows between the two markets.
The quick progress on these fronts stands in contrast to the ePrivacy Regulation, a broad proposed piece of legislation which would set strict new rules for use of data, with a specific focus on browser cookies and similar identifiers.
The ePrivacy Regulation, first proposed in January 2017, was originally due to come into force alongside the General Data Protection Regulation (GDPR). But as VideoWeek reported last year, infighting and lobbying held up progress for years, and ePrivacy dropped off the radar for all but the most avid of privacy advocates.
It looked like we might start to see legitimate progress after the EU Council approved a draft version of the law last February, paving the way for trilogue negotiations. But while the DMA trilogues took three months to conclude, the ePrivacy negotiations rumble on.
There are rumours of progress. EURACTIV’s Luca Bertuzzi reported last week that a new ePrivacy trilogue is scheduled for this coming Thursday, though no official announcement has been made yet. This raises the question, can the ePrivacy regulation return from the dead, and have a significant impact on media and advertising?
Stifled potential
The ePrivacy regulation at a glance looks like a somewhat moot piece of legislation. When it was first announced, ePrivacy drew attention due to the changes it would place on cookie consent collection, namely that consent could be collected at the browser level, rather than on a site-by-site basis.
Given that third-party cookies are being phased out anyway, this change seems ineffectual.
But the ePrivacy Regulation does have big potential. The law doesn’t just cover cookies, but also cookie-like identifiers. So the final version of the ePrivacy regulation could make it possible for users to restrict all types of alternative identifiers at the browser level, which would have big implications for some of the ID solutions currently being tested as alternatives to third-party cookies.
The regulation would also enable use of some first-party cookies, based around improving user experience with no privacy risk, without the need of a consent notification.
There’s also potential for ePrivacy to formally set rules for ‘cookie walls’, whereby users are denied access to content unless they agree to share their data, although a similar provision is likely to be included in the Digital Services Act.
Nonetheless, the ePrivacy Regulation has by no means been neutered, and could still have big implications for digital publishers and advertisers.
The law is still beset by intense lobbying by those who wish to see it watered down. Documents released as part of US states’ antitrust complaint launched against Google showed collaboration between major tech companies to stall the bill. A memo prepared by Google, ahead of a meeting between itself, Facebook, Apple, and Microsoft, said that “[Google has] been successful in slowing down and delaying the [ePrivacy Regulation] process and have been working behind the scenes hand in hand with the other companies]”.
But glacial progress is still progress. Trilogues are continuing, and as was shown by the DMA, a deal could quickly be reached if there was the political will for it.
