We've come a long way, baby. Remember when web and marketing analytics were just about measuring the number of times your page loaded? Ha! What hogwash.
Now, marketers can barely survive without detailed reports on how visitors are actually using their website.
But with great power comes great responsibility. As tracking systems have become more robust , the question comes up more and more often -- should users have a say in the matter, or at least be informed of how they are being tracked?
It's a question that many government organizations are starting to consider; in fact, the European Union took up the issue back in 2009. Their efforts culminated in what has come to be known as the EU Cookie Directive, a wide reaching piece of legislation that requires EU member countries to pass laws around web privacy . And since a large segment of our audience markets to European internet users, we thought it prudent to give a rundown of what exactly the EU Cookie Directive means for marketers.
( Note: This article does not constitute legal advice. If you have questions about how these laws apply to your business, you should contact a legal expert for help.)
What does the law actually say?
While the part of the legislation that has come to be known as the “cookie directive” is just one piece of a larger set of regulations on web privacy, this particular portion is capturing the lions’ share of attention as it impacts a huge number of websites:
"Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information."
This part of the regulation is aimed squarely at systems that store information about a user on their own computer -- cookies, LocalStorage (a feature of HTML5), and flash objects, to name a few -- the first of which is used by most web analytics systems like Google Analytics and marketing analytics tools like HubSpot . The law requires companies to obtain “explicit consent” before using storing data in ways that may be considered to be “intrusive.”
From its date of passage in 2009, EU member nations have had time to formulate and implement their own legislation. One of the first of such laws to come into effect is from the UK, which the government started enforcing on May 26th, 2012. Other nations are at various stages of drafting and releasing their own laws, too.
Who does this apply to?
In short, if you are based in Europe or have offices in Europe, you are technically subject to the law -- or will be eventually, as more and more nations come into compliance. For sites based outside of the EU, the EU contends that targeting users in their member states would require compliance. That being said, this is a grey area, and most sites outside of the EU have not taken any steps to do so.
So, what does complying actually mean?
The UK government seems to have a more relaxed interpretation of the law.
But there is some ambiguity. More recent guidance from the UK government’s Information Commissioners’ Office (the body responsible for implementing the law in the UK) made it unclear whether or not consent is implied, or must be explicit. For example, do websites have to prompt a user with a banner or popup before installing cookies, or can they assume that the user would be okay with it? The ICO says that implied consent is a valid form of consent in some cases, which dramatically changes how the law affects most websites.
The BBC has taken an approach somewhere in the middle -- explicitly informing visitors that they store cookies with this banner, but letting visitors opt not to have their cookies stored by changing their cookie settings.
Some cookies are exempt.
While a number of UK-based sites have rolled out changes to get explicit consent from their users before installing cookies, many appear to be leaning toward the more relaxed interpretation from the ICO. You can find the guidance here and make a decision for yourself.
What's the bottom line?
This article does not constitute legal advice. If you have questions about how these laws apply to your business, you should contact a legal expert for help.
Image credit: big-pao