What is the new directive?
When does it take effect?
The new directive took effect on May 26, 2011, but so far only three EU countries have complied with it: the United Kingdom, Denmark, and Estonia. In the UK, there is a 12-month grace period for websites to comply. Several other EU nations are still deciding on their approach and it is generally accepted that there is a one-year grace period in effect in all EU countries to comply with the new regulation.
What are the major issues with the new directive?
What does this mean for my business?
Once the directive is in full effect, after the 12-month grace period, violators of the directive will be subject to a £500,000 fine. It is unclear what the penalties will be in various different countries since most are still reviewing how to interpret the directive for their country.
What could a solution look like?
As an example, see the implementation by the the UK’s Information Commissioner’s Office itself on its website. See the warning notice at the top of the home page which a user must click "accept" on to enable cookies on the site.
Today, HubSpot uses a number of cookies, including the ones listed below. Note that this information is subject to change over time, and that this FAQ might become obsolete.
- Session cookies: Once you’re a HubSpot customer, this kind of cookie keeps you logged into the application as you move through different pages and applications.
- These cookies are used -- even by the ICO -- without asking for a user’s permission, because it is technically difficult to do so and indicating how it’s hard to consistently follow the letter of this new directive.
- Visitor cookies: So that HubSpot can track which visitors have come to our site before to maintain usage stats.
- This is the “HubSpot user token” cookie, also known as hubspotutk, and there is one left on every browser visiting a HubSpot-hosted web site.
- This cookie contains no confidential or personal information at all, only a unique string value that is meaningless by itself, but identifies that browser.
- If this cookie is enabled or opted out of, HubSpot will be unable to connect the visitor’s page views to other events, like form submissions and lead-related events.
- Third-party cookies: Used for aggregate usage stats like those collected by Google Analytics
- HubSpot itself does not employ any 3rd-party cookies.
These cookies are used in a manner that is not intended to be disallowed by the new directive (which is primarily designed to prevent tracking of a user across sites, usually for targeted advertising). So HubSpot software is in line with the spirit of the law, if not yet on the implementation.
What is HubSpot going to do about adhering to the directive?
HubSpot is evaluating the law, various interpretations by countries, moves made by browser manufacturers and other trends to determine what is the best course of action for our customers.
Certainly, some interpretations of the law will make the user experience for website visitors onerous and a nuisance so HubSpot is not yet committed to a particular solution.
We aim to comply with regulations while ensuring that our customers have an optimal browsing experience for their sites.
Please watch this page in the coming months for updates on HubSpot’s plan of action.
What if I have further questions on this issue?
- Read the sources listed below and embedded in this FAQ
- Consult your legal counsel
- Monitor blogs such as the International Association of Privacy Professionals