The European Union’s Amended ‘Cookie’ Laws: Implications for Online Marketing
On 25th May 2012, the new EU ‘cookie’ law came into effect. This law, which must be implemented by web masters across Member States, has sparked international concern and confusion.
As the EU is such a significant trading partner, and the new laws apply not only to European sites, but also to foreign sites accessible by European audiences, the implications for these amendments are far reaching and must be understood within the US. This article discusses what they mean for online marketing professionals.
What are Cookies and how do they impact upon Online Trading?
What are Cookies? A cookie is either a small text file stored within an individual’s computer hard drive, or a piece of information stored within their computer’s memory function. It remains stored until an individual closes their computer’s web-browser.
Cookies perform three key functions. First, they facilitate statistical reporting; in turn helping web owners to better structure their websites so as to better meet user needs. Second, they support the development of behavioural advertising. Thus, individuals become better able to conduct targeted product searches as the cookie will display advertisements matched to user queries. Finally, cookies enable conversation tracking. Within an online shop, products of interest can be stored so as to facilitate product matching on subsequent site visits.
There are several common types of cookie. From an internet user’s perspective, these cookies can be categorized accordingly. Third party cookies are sharing buttons within social media sites. Geotargeting cookies are anonymous and identify only the user’s country. Advertising cookies serve relevant advertisements to users. They are also anonymous and store browsing content. Registration cookies identify the user’s account and enable server side technologies. Finally, Google analytics cookies are used to collect data relating to website usage.
The Significance of Cookies to Online Trading
In order to succeed, companies must seek to increase net profit, not only by increasing sales volume, but also by reducing sales expenses so as to increase sales margins against their current sales figures. For an online business to achieve this, it must seek to increase numbers of unique visitors to its websites through targeted mailing and advertising, site traffic enhancement and web conversion strategies.
Cookies are fundamental when seeking to increase online profits. In business terms, browser cookies can be used for the purposes of web site analytics and targeted marketing. Thus, cookies enable the collection and sharing of information so as to improve customer’s online trading options. Second, flash cookies can be used by online trading companies as a source of authentication. They can also be used to distinguish site members from site visitors.
Finally, online trading companies can use web beacons to facilitate site traffic management and online advertising. These beacons, provided by external companies for external advertisement management, perform several key functions. Examples include, affiliate marketing, marketing tracking and site analytics.
Part 2- The EU ‘Cookie’ Law
Understanding the Law
The EU’s cookie laws are governed by the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended). Through the 2003 Regulations, EC Directive 2002/58/EC, concerning the protection of privacy within electronic communications, was implemented.
This Directive was subsequently amended by Directive 2009/136/EC. This amendment included an alteration to Article 5(3) of the E-Privacy Directive requiring consent for storage or access to information stored within a user’s terminal equipment.
Since 2003, Regulations have required that those using cookies clearly inform site users. In May 2011 (for incorporation by May 2012), this requirement was expanded. Thus, it is now necessary for users of cookies, not only to provide clear information to site users, but further, to obtain the consent of subscribers or users when seeking to store a cookie on their device.
Though the Regulations do not identify who is responsible for ensuring compliance with the consent requirement, it can be assumed that such responsibility falls with the company or individual operating the online service and utilising the cookies for their own ends. In the case of third party cookies being set, or companies designing websites for others, the responsibility of both parties can be assumed.
Exemption from the Consent Requirement
To be exempt from these requirements, cookies must either be being used solely for the purpose of administering the transmission of communication over a communications network, or where access or storage is essential for the facilitation of an information society service requested by the site user or subscriber.
Focal to discussions within the European Institutions and their Member States has been the scope of these exemptions. Pivotal to discussions was the extent to which cookies must be used for resource and capital planning as well as website operation. As each Member State is responsible for devising its own incorporation legislation, it is possible that, in the absence of European case law, full consensus will not be reached at this point.
As an example, the UK’s Information Commission has adopted a narrow interpretation of these exemptions. It has stated its belief that a narrow interpretation was intended by the European legislature. Within its guidance, it provides several examples of likely exemptions.
A cookie used to remember the goods a user wishes to buy and then they proceed to the checkout or add goods to their shopping basket
Certain cookies providing security that is essential to comply with the security requirements of the seventh data protection principle for an activity the user has requested – for example in connection with online banking services
What are the Implications of the Consent Requirement for Online Marketing Campaigns?
Across various EU Member States, guidance has been issued in order to facilitate compliance. Thus, Americans designing sites for EU countries must refer to relevant guidance. Continuing with the example of the UK, the UK’s Information Commission has provided practical guidance for those striving to meet the new requirement.
First, it suggests checking the type of cookies used and the way in which they are used. This could be done either through a comparative audit or a data check. Cookies should be analysed so as to determine the extent to which they are necessary and, therefore, might not need consent.
Finally, the Commission highlights the need to determine the best fit solution to obtaining consent. Here, it observes that the greater the intrusion on privacy, the greater the need to achieve meaningful consent. The Commission observes that, though the method which must be adopted in order to achieve consent is not defined within the EU Regulations, it must, at least, be proportionate.