It's All Still Baking in Europe on the Use of Cookies

Five things marketers should prepare for in order to comply with the new EU privacy regulations.

As you likely know, on May 25, 2011, new European Union (EU) privacy regulations went into effect in the United Kingdom. They are an amendment to the European Union Privacy and Electronic Communications “E-Privacy” Directive (2009) and require marketers and website owners to get specific consent from European users before using cookies or other technologies to do anything from customizing online experiences, to using a web analytics tool, to auto log-in, to recommending products, and even just tracking people around the rest of the web.

The directive applies to companies operating in any EU country, but each country must issue its own laws in order to regulate and enforce the directive. Under the old laws, marketers simply had to have notice in their privacy policy about how cookies were used. Now, there is some pretty strong language in the directive around the use of cookies, and the lack of consumer knowledge about their own complicity in visiting websites that use cookies. It seems that consumers who don’t actively turn off cookies are not going to be viewed as giving consent.

Why has the EU switched gears on cookies? When the European Commission first adopted the E-Privacy Directive, it allowed for an opt-out approach for most types of cookies. However, in the following two years, “A transatlantic debate on the topic of ‘behavioral tracking’ has unfolded; privacy regulators on both sides of the Atlantic have soured on cookies and online tracking in general,” according to Jay Cline, president of Minnesota Privacy Consultants. The New York Times ran a front-page series on the expansive cookie practices of Yahoo and others, and the Federal Trade Commission’s attitude toward behavioral tracking.

Unfortunately, not a lot of clear direction has been given to those of us trying to comply with the regulations. Many EU countries have yet to create laws based on the directive, and it’s not clear how aggressively various governments will enforce opt-in cookies. “It’s noteworthy that continental Europe tends to view the UK as falling on the permissive end of the spectrum for privacy regulation,” Cline says. “If you think the UK approach is strict, just wait for France, Germany, Spain, and Italy to lay down the law on cookies.”

So if you are confused about what is required, you are not alone. What makes things even harder is that requirements will vary from country to country.

The U.K. Information Commissioner’s Office (ICO) has published some guidance. The latest amended regulations seem to allow for technical/automated solutions by retaining this paragraph:

(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.

Note the word “may” in there. It’s not clear if browser settings are going to be enough for the U.K. regulators. If they are, then many other EU nations may follow suit. However, it’s not a good idea to sit back and wait. The U.K. law has a grace period of one year, but a company’s effort (or lack of effort) to comply during the next year will be taken into consideration when enforcement begins in May 2012.

What Should Marketers Do?

  1. Know what types of cookies and other tracking mechanisms you are using. “First-person session cookies are seen as more privacy friendly and necessary, for example, than third-party persistent cookies,” Cline advises. Talk to your IT and your web analytics teams to fully understand.
  2. Give clear and complete notice. Make sure your privacy policy is explicit and up-to-date.
  3. Start to consider an opt-in mechanism for your website. At the end of the day, all marketers who are in, or market to citizens of, European Union nations should plan to start collecting explicit opt-in via some other mechanism than the browser. This could be via a mobile application, a registration form or checkbox, or even an in-store or telephone consent. Although there is an exception for “service”-related cookies, the directive is pretty clear that the use of cookies without express consent needs to be “strictly necessary” as well as “explicitly requested” from the consumer.
  4. Review how your website is architected. What would happen to user experience if most visitors did not check your cookie opt-in box? This is the same exercise as with the advent of mobile-device browsers that couldn’t take full advantage of many site features. While an unending series of pop-ups doesn’t seem to serve anyone well – consumers or regulators – collecting express consent via a simple opt-in checkbox could make sense for all marketers on their home and landing pages at least. For example, the U.K.’s ICO, which should know what it’s doing, uses this approach as a simple page header.
  5. Collect and manage the data on your landing pages. Here is where technology is your friend. Use your marketing automation or eCRM software to help you collect, store, manage, and utilize this information so that future email or other messaging can reflect custom landing pages for those who have provided an express opt-in.

The U.K. Direct Marketing Association has also published some guidance on the directive. I expect that as U.K. companies start to comply and other EU nations begin to publish guidelines, the true impact of the directive will be clearer. In the meantime, please let us know what you are doing to comply in your business.

Please note that I am not a lawyer, and this is in no way to be construed as legal advice. As with all regulations, please seek direction from your own legal counsel.

