DSA and the ePrivacy Directive: What New EU Regulations Mean for eCommerce
The European Union passed two significant pieces of regulatory legislation at the end of 2020 that are poised to change the digital landscape. The Privacy and Electronic Communications Directive and the Digital Services Act have the potential to dramatically alter the way eCommerce brands operate within the EU.
Here we cover what U.S., EU, and U.K.-based eCommerce brands need to know about the new regulations.
What is the EU Privacy and Electronic Communications Directive?
In 2002, the EU passed the EU Privacy and Electronic Communications Directive, also known as the ePrivacy Directive. It requires national governments to set their own country-specific laws regarding data privacy. The EU updated the directive in 2009, but it is the most recent update at the end of 2020 that eCommerce brands need to note.
The EU is expanding the directive to consider the increasing number of digital communication channels now present, explains Andrew Hutchinson at Social Media Today. “The latest changes relate to how long data can be kept, and what types of information can be gathered via messaging apps.”
The update improves the existing legislation and aims to complement the General Data Protection Regulation. Now, a single, unified standard for data protection replaces the country-specific directives granted in the original 2002 legislation.
The fact that it is a regulation rather than a directive is also important, Ramirez adds. “A directive is a flexible legislative instrument. It’s an objective EU Member States must meet. States can implement a directive however they like as long as they achieve the desired result. They can adapt their existing law or pass new ones.
“A regulation, however, is more powerful than a directive. Once passed, a regulation is binding across all EU Member States. It becomes enforceable on its set date. It does not need to be transposed into law at the state level as it supersedes existing state law.”
What is the Digital Services Act?
The Digital Services Act is an update and replacement of the eCommerce directive adopted in 2000, write Victor Timon and Helen Hart at the law firm Lewis Silkin. The Act has two main functions.
The first is to add new and updated rules to improve the single market for digital goods and services with particular reference to platforms and marketplaces. The second is to “level [the] playing field in European digital markets, where a few large online platforms currently act as gatekeepers,” Timon and Hart write.
“The Commission wants to explore rules to address these market imbalances, to ensure that consumers have the widest choice and that the EU single market for digital services remains competitive and open to innovation.”
The EU regulations aim to address the handful of monopolies it sees as dominating the internet, writes Scott Ikeda, senior correspondent at CPO Magazine. “These Big Tech heavyweights are branded ‘gatekeepers’ by the Act and would be subject to a new package of rules to prevent anticompetitive behavior, such as being limited in their use of information of business users to develop and deploy competing services.”
Specifically, platforms are required to police content more effectively and remove anything illegal, explains TechCrunch senior reporter Natasha Lomas. “Online marketplaces will … have a new ‘Know Your Customer’ obligation — to try to tackle counterfeit and/or dangerous products — meaning they will be required to verify the identity of a seller before allowing them to trade on their platform,” she explains.
Platforms must be more transparent when it comes to algorithms too. They are now required to explain how they calculate product rankings and recommendations.
Facebook Reacts Swiftly to the News
Facebook reacted to the ePrivacy Directive news by disabling several key features of its Messenger app and Instagram within the EU.
Facebook did not provide a comprehensive rundown of what features would be unavailable, writes Tom Warren, Senior Editor at The Verge, but its website revealed that Facebook would block polls on both platforms, stickers would be missing from Instagram, and personalized replies would not be available on Messenger.
Interestingly, nothing within the ePrivacy Directive bans the use of polls or stickers, writes BBC News Technology Reporter Chris Fox. “It is quite possible that Instagram and Messenger polls and selfie stickers did nothing to violate the new rules – but Facebook wants to play it safe and offer a stripped-back messaging service until it can add the extras back in.”
The move affects businesses, notes Andrew Griffin, Technology Editor and Science Reporter at the Independent. “It has disabled access to several Facebook Messenger APIs, for instance, which makes it harder for developers and businesses who use the chat service to communicate with customers,” he writes. Facebook did not provide a timeline for reintroducting these features.
How Do New EU Regulations Impact eCommerce?
The new legislation will impact eCommerce brands in more ways than just limiting Facebook features.
More Scrutiny on Marketplace Users
Online marketplaces like Amazon are now under increased pressure to scrutinize third-party sellers, says David Meyer. “If they break the rules, they could face fines of up to 6% of global annual revenues—a similar approach to the 4% maximum fines introduced under the General Data Protection Regulation, though potentially tougher.”
Fewer Tracking Cookies
Expanded restrictions on collecting and using data will undoubtedly have a knock-on effect on how brands reach customers, writes Mailjet Marketing Manager Julie Paci. “With the new ePrivacy regulations, companies will have the obligation, with few exceptions, to collect the consent of users before any operation of writing or reading cookies and other tracers.” Brands will no longer be able to target digital ads and personalize the shopping experience with the same precision.
The Upheaval of Digital Advertising
The Digital Services Act will upend digital advertising on platforms like Google, Facebook and Amazon, write Aline Blankertz and Julian Jaursch at the Brookings Institution. A lack of cookies could jeopardize targeting options. Additionally, platforms would have to be more explicit about how their algorithms work.
What Are the Next Steps for eCommerce Brands?
Brands already operating in the EU or those in the process of launching a cross-border presence in the bloc should take the following actions immediately.
1. Assess the Situation
Further research on the impact of both pieces of legislation is a crucial first step. Understanding the regulatory framework of foreign markets is critical, says the team at Quickbooks. “Failing to meet compliance regulations in a country you’re attempting to expand into can not only put a halt to your expansion plans, but also create additional costs in your home country.” Brands must consider the additional cost and business impact of these regulatory changes.
2. Seek Assistance
It is more than likely that brands will require third-party advice to help with the matter. Brands should seek expert advice whenever they operate or expand into new markets, writes Amber Leigh Turner at The Next Web.
This moment is no different. Even sizable investments in obtaining expert advice are nothing compared to possible missed opportunities or costs that may occur if brands navigate the new EU regulations blindly.
3. Complete Due Diligence
Thorough research is essential before working with any third-party, says Tom Popomaronis, EVP of Innovation at Massive Alliance. Brands must:
- Assess the past performance of potential partners.
- Check their qualifications.
- Reach out to current and previous clients.
An eCommerce solution like Scalefast is the perfect partner in this respect. With our international business law expertise and knowledge of emerging legal trends, we simplify business practices for global brands.