If your company uses digital marketing strategies in Europe, buckle up. Starting May 26, 2012, the EU’s new e-privacy regulations go into effect, and it appears the ride may get a bit bumpy.
The sweeping new EU e-privacy directive requires all marketers and website owners operating in any EU country to obtain consent from European users before implementing cookies or other technologies to capture online visitor information. Essentially, that means cookies can only be placed on machines where the user or subscriber have opted-in.
Regulations like this are a dramatic change because, as you know, digital marketers now routinely use cookies and other technologies to tailor online customer experiences, enable web analytics, recommend products, allow auto-log in and compile browsing histories. As of May 26, digital marketers in the EU must re-think their strategies and create appropriate formats for customer opt-in, while also coping with a potential reduction in the amount of available customer data.
Even though there was a 12-month lead-in period to prepare for the impending e-privacy directive, many EU marketers remain unsure about how to comply with the regulations. Some EU countries have yet to create laws based on the new directive and, as a result, it is not apparent how aggressively various governments will enforce opt-in cookies.
But, there’s no longer time for excuses. Marketers must be proactive and adjust marketing practices to accommodate these new and evolving realities. In order to comply with the EU e-privacy directive, I suggest you follow these steps:
1. Take inventory. Consult with your IT and web analytics teams so you fully understand what types of cookies and other tracking mechanisms you currently use.
2. Give consumers clear and complete notice. Start with the basics. Make sure your privacy policy is explicit and up-to-date.
3. Develop a new opt-in mechanism for your website. If you’re marketing online to EU citizens, you need to collect explicit opt-in via some mechanism other than the browser. (Sure, a relatively simple solution would be to ask each user to adjust his or her browser settings to allow for cookies. However, it is not clear whether this would be acceptable as ‘consent.’) You’ll have to consider using a mobile application, a registration form or check box, or even in-store or telephone consent.
4. Revamp your website architecture. How will the user experience change if website visitors do not check your cookie opt-in box? An unending series of pop-ups will detract from the customer experience, but an ‘express consent’ mechanism allowing global opt-in on your home page and any landing pages could work as a creative solution.
5. Collect and manage the data on your landing pages. Use marketing automation or eCRM software to help you collect, store, manage and utilize data so future email or other messaging can reflect custom landing pages for those who have provided an express opt-in.
Marketers and consumers appear to feel quite differently about the new directives. Ecoconsultancy found that 89 percent of UK consumers think that the EU cookie law is a positive step --though 75 percent had not heard of the e-privacy directive before they were surveyed. An earlier study showed that 82 percent of digital marketers believe the EU law is bad for the web.
To help marketers and business owners better understand the new regulations, the UK’s Information Commissioners Office created a website , complete with specific guidance on the rules on use of cookies and similar technologies.
As Information Commissioner Christopher Graham writes at the blog of the Information Commissioner’s Office, the time for equivocation has passed:
“Finally, I want to make it clear what will happen after 26 May 2012, the end of the lead-in period. There will not be a wave of knee-jerk formal enforcement action taken against people who are not yet compliant but trying to get there. If you are working towards compliance and following my advice then keep going. If you haven’t started yet, you need to be reading the advice, speaking to your peers, looking at how other websites inform and empower their users. But if you have decided that this is all too difficult, that you don’t want to give your users choices about how your web pages might collect information about them or that you will get around the law by wilfully misleading people about what you do and how you do it then be assured that if we get complaints or have concerns then we will be checking your site and we will take the necessary steps to ensure that you do work towards compliance.”
