Consent Overload: The EU Multi-layer Regulations of Profiling Activities

Etienne Drouard, CIPP/E, Partner, Hogan Lovells

Nathalie Laneret, CIPP/E, CIPM, Vice President, Government Affairs and Public Policy Criteo

Dale Sunderland, Commissioner, Data Protection Commission Ireland

The EU’s evolving interpretation of consent under the ePrivacy Directive is creating a compliance nightmare and a regulatory labyrinth for businesses. With consent now required for everything from pixels and hashed email addresses to IP addresses, profiling activities are facing a dramatic shift with lack of consistency from one member state to another. This session will delve into how this new approach not only complicates consent management but also clashes with the GDPR’s framework, particularly around profiling. With the ePrivacy Regulation abandoned entirely due to member state disagreements, businesses are left with fragmented and overlapping regulations and no clear, consistent enforcement. Unlike the GDPR’s one-stop shop for cross-border issues, the ePrivacy Directive creates a web of local authorities for compliance. What does this mean for businesses — and how can they stay compliant in this overloaded regulatory environment?

What you will learn:

• Lessons learned from the EUCJ, the EDPB and data protection authorities, when consent is required by law or by regulators. 
• Actionable tips on how businesses can continue targeted advertising operations within the new consent framework without violating GDPR or the ePrivacy Directive and prepare for potential enforcement challenges.
• A list of common pitfalls and bad practices in targeted advertising, with real-world examples of what to avoid in order to stay on the right side of evolving regulations.