JERSEY CITY: Marketers in the US must ensure they are ready for the General Data Privacy Regulation (GDPR) and ePrivacy Regulation which are set to come into force in the European Union next year, a leading legal expert has warned.

Reed Freeman, a Partner at WilmerHale – a global law firm boasting clients like AT&T, General Electric, and Procter & Gamble – discussed this subject at the Advertising Research Foundation's (ARF) 2017 Audience Measurement Conference.

More specifically, he reported that these transformative rules, which are due to come into effect in May 2018, will apply to businesses on both sides of the Atlantic that engage EU residents.

Using the GDPR as an example, he said: “Bullet point number one: It has extraterritorial effect.” (For more details, read WARC's exclusive report: What the EU’s GDPR and ePrivacy Regulation mean for US marketers.)

“It applies to you if you're processing the information of somebody in Europe – [if] you touch it, you process it … If it’s a European resident’s data, the GDPR applies to you, wherever you sit.”

Should this motivation prove insufficient, Freeman – the Co-Chair of WilmerHale’s Cybersecurity, Privacy and Communications Practice – had a three-word warning that would ring alarm bells at any firm: “Fines for violations”.

The levies raised on businesses failing to meet the GDPR rules, he explained, could reach €10m, or 2% of global revenue, for offences akin to “speeding tickets”, and €20m, or 4% of worldwide sales, for missteps closer to “felonies”.

In determining which category an offence falls under, the EU will assess factors including the “nature”, “gravity”, and “duration” of the misdemeanor.

The new stipulations present unfamiliar issues for US advertisers and publishers in a variety of areas, from securing consumer consent for data use through to definitions of “personal data” and restrictions on profiling.

For third-party vendors, Freeman further ventured, the coming regulatory regime in the Europe Union will be even more adverse, as they face particular challenges in gaining consent from consumers with which they have no direct relationship.

“So, this is a problem for third parties in the ad ecosystem. And it’s going to be a much bigger problem with the ePrivacy regulation,” said Freeman.

“I look at the GDPR, and I think, ‘This is just a huge hassle and it has some really difficult things to do. But, mostly, it's a huge hassle’. The ePrivacy regulation is a catastrophe. Because third parties cannot do it. It cannot be complied with in its current form.”

Data sourced from WARC