If GDPR is the Milk, where are the Cookies?

William Richmond-Coggan, Partner at Pitmans writes about changes to the "Cookie Law". 

Everyone knows (they don’t, but they ought to) that the General Data Protection Regulation will be coming into force on 25 May 2018. The implications of the regulation, directed at the protection of the personal data of EEA-based data subjects, are clearly defined within the legislation and businesses and advisers are starting to get to grips with them.

But the ePrivacy Regulation, which was supposed to provide a complementary legal regime for safeguarding those same citizens’ right to a private life within the digital sphere, is very different. The successor to the existing ePrivacy Directive (also known as “Cookie Law” because among other things it mandated the use of the ubiquitous cookie information pop-ups on EU-based websites) was supposed to have come into force at the same time as GDPR, and to have been harmonised with its effects.

In fact, though, the ePrivacy Regulation is not yet completed – the text of the regulation may yet change, and although the aim is to have it in place by the end of 2018, there is no guarantee that this will happen. At present, therefore, businesses are having to ensure that their online data processing is GDPR compliant without knowing the extent to which they may need to make further changes in order to achieve ePrivacy Regulation compliance, as and when that comes in.

I’ll be discussing this topic and in particular the implications for law firms with an online presence (so… all of them), as well as talking about what can be done in the meantime, at Ark Group’s GDPR for Law Firms Conference 2018, taking place in London on 24 April 2018.