Five things marketers should prepare for in order to comply with the new EU privacy regulations.
As you likely know, on May 25, 2011, new European Union (EU) privacy regulations went into effect in the United Kingdom. They are an amendment to the European Union Privacy and Electronic Communications "E-Privacy" Directive (2009) and require marketers and website owners to get specific consent from European users before using cookies or other technologies to do anything from customizing online experiences, to using a web analytics tool, to auto log-in, to recommending products, and even just tracking people around the rest of the web.
Why has the EU switched gears on cookies? When the European Commission first adopted the E-Privacy Directive, it allowed for an opt-out approach for most types of cookies. However, in the following two years, "A transatlantic debate on the topic of 'behavioral tracking' has unfolded; privacy regulators on both sides of the Atlantic have soured on cookies and online tracking in general," according to Jay Cline, president of Minnesota Privacy Consultants. The New York Times ran a front-page series on the expansive cookie practices of Yahoo and others, and the Federal Trade Commission's attitude toward behavioral tracking.
Unfortunately, not a lot of clear direction has been given to those of us trying to comply with the regulations. Many EU countries have yet to create laws based on the directive, and it's not clear how aggressively various governments will enforce opt-in cookies. "It's noteworthy that continental Europe tends to view the UK as falling on the permissive end of the spectrum for privacy regulation," Cline says. "If you think the UK approach is strict, just wait for France, Germany, Spain, and Italy to lay down the law on cookies."
So if you are confused about what is required, you are not alone. What makes things even harder is that requirements will vary from country to country.
The U.K. Information Commissioner's Office (ICO) has published some guidance. The latest amended regulations seem to allow for technical/automated solutions by retaining this paragraph:
(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.
Note the word "may" in there. It's not clear if browser settings are going to be enough for the U.K. regulators. If they are, then many other EU nations may follow suit. However, it's not a good idea to sit back and wait. The U.K. law has a grace period of one year, but a company's effort (or lack of effort) to comply during the next year will be taken into consideration when enforcement begins in May 2012.
What Should Marketers Do?
The U.K. Direct Marketing Association has also published some guidance on the directive. I expect that as U.K. companies start to comply and other EU nations begin to publish guidelines, that the true impact of the directive will be clearer. In the meantime, please let us know what you are doing to comply in your business.
Please note that I am not a lawyer, and this is in no way to be construed as legal advice. As with all regulations, please seek direction from your own legal counsel.
Want to learn more? Join us at ClickZ Live New York 2015
[ALERT] Super Saver Rates Expire January 30. With over 15 years of experience delivering industry leading events, ClickZ Live brings together over 50 expert speakers to deliver an action-packed, educationally-focused agenda covering all aspects of digital marketing. Quick! - Register today to secure your place at the best rate.
Stephanie Miller is a partner with brand and marketing technology strategy firm TopRight Partners, which helps customers use the technology they have today to do the marketing they want to do today and tomorrow. She is a relentless customer advocate and a champion for marketers creating memorable customer experiences. A digital marketing and CRM expert, she helps sophisticated marketers balance the right mix of people, process, and technology to optimize a data-driven content marketing strategy. She speaks and writes regularly and leads several industry-wide initiatives. Feedback and column ideas most welcome, to smiller AT toprightpartners DOT com or @stephanieSAM.
Hong Kong, 20-21 January
Singapore, 5-6 March
Google My Business Listings Demystified
To help brands control how they appear online, Google has developed a new offering: Google My Business Locations. This whitepaper helps marketers understand how to use this powerful new tool.
5 Ways to Personalize Beyond the Subject Line
82 percent of shoppers say they would buy more items from a brand if the emails they sent were more personalized. This white paper offer five tactics that will personalize your email beyond the subject line and drive real business growth.
January 29, 2015
1:00pm ET/10:00am PT