How the cookie crumbles
Recent days have brought renewed news coverage of the amended EU e-Privacy directive, and what it means for online marketing. As usual with news about the internet and EU regulations there's been a lot of hyperbole. Here's our summary of what it could mean for you.
The new email marketing provisions increase the penalties for sending unsolicited email and extend who is protected by the law. In future public prosecutions won't be the only way to seek redress; recipients and companies whose systems are affected by spammers will be able to take private action. The regulations also close a loophole in the existing law that means that users that don't pay for their internet service aren't protected. Finally, the new rules strengthen the requirement for transparency. Since 2007 it's been a legal requirement to clearly to identify the sender of the email and include an opt-out link. From May it will be necessary to clearly disclose of the nature of marketing emails. If you send a commercial email masquerading as a personal message, you'll be breaking the law.
These changes shouldn't affect reputable marketers, they'll really only affect you if you're a junk mailer.
Potentially more troublesome is the new requirement that websites must get informed consent from visitors before setting cookies (with the exception of tracking shopping carts, user login or other essential tasks of service delivery).
Here's the paragraph in question:
3. Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia, about the purposes of the processing. This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.
There are clearly plenty of valuable uses for cookies, just as there are ways of abusing them. Nobody wants to be hit by a barrage of popups every time they visit a website, but the alternative is no better — putting the onus on users to opt out by turning off cookie support in their browser settings. The lack of specificity in the law is potentially its greatest threat to existing marketing practices. Each member state gets to implement EU directives in their own way and we could end up with a jumble of different laws to comply with.
These local laws are supposed to be in place by 25th May 2011, but it's likely that many countries will be late. We'll be following developments and will post an update as soon as the situation becomes clearer.