At the Protecture seminar on e-Privacy at the end of November, Rowenna Fielding reminded us that PECR is about more than just consent for electronic direct marketing.
I don’t think that Rowenna meant to alarm anyone, just a gentle poke in the ribs to get your online house in order before the new ePrivacy Regulation comes in sometime during 2020. Starting with what you should already be doing.
The technology available to even the most modest of organisations is incredible. The information about what people respond to and how they behave online can make a big difference to how effective your engagement is with beneficiaries and supporters. But it also has the potential for you – and others – to find out things about people that they didn’t even know they were sharing.
Regulation 6 of PECR says that you need to get consent for non-essential cookies and other ‘virtual stickers’ used to track users. You might think you’ve got this covered by a cookies pop up on your website. But do you explain the trail of electronic crumbs that will be created by those cookies? And what other organisations are using that trail to build up a picture of your supporters – their likes and dislikes, habits and behaviours….? Do you know?
Now is a good time to get the answers to those questions.
- Find out what cookies and other technologies are being used on your websites, apps and email systems. You may need to speak to your web developers, services providers and IT support to get the full picture.
- Identify which are essential and non-essential – and therefore which need consent.
- It’s possible that you may not actually be able to turn off some of the tracking that you need consent for. You won’t be alone here – as some of the services that are in widespread use just don’t have this functionality at the moment. Fix what you can now and document what is currently beyond your control.
- Review your privacy info to make sure that you’re being transparent.