Why the Cookie Law is like speeding

With little over a month left to comply with the EU legislation, are you on schedule?

On 26th May 2012, owners of EU websites that use cookies are expected to give visitors the opportunity to authorise the use of cookies*. The user must also have the right and the opportunity to change their mind at a later date. There is, however, an alternative: remove the cookies altogether!

All bar a very few cookies that are deemed essential are affected – the vast majority of cookies do not fall under “essential” and must therefore be dealt with. Unfortunately, the law doesn’t specifically differentiate between cookies that are more intrusive and those that are less so; unofficially, however, those that don’t deliver information around sensitive data are not deemed high-priority issues.

Ironically, in order to remember that a user doesn’t want you to store cookies on their device, you would need to store a cookie – which contradicts the law.

If a user clicks ‘No’ to cookies, your tracking and insight go out of the window and, potentially, functionality for the user will be impeded.

The method of authorisation is up to the website owner – this can be in the form of a pop-up, an information bar or any other ideas you can think of – so there is some creativity around the solution.

The issue is that huge players such as Google & YouTube don’t seem to be joining in on this. This is giving other organisations false confidence in avoiding the law too.

If they aren’t complying, you don’t need to, right?
Wrong!

Think of it like speeding in your car.

Your mates (Google & co) are saying “It’s fine – you can break the law a bit, we are doing 90mph in a 70mph limit and are getting away with it.”

But for you, surely just a bit over the limit is OK? We all know that 75mph is not as bad as 90mph, right?

‘Slightly’ non-compliant is better than ‘totally’ non-compliant, but we should remember that, in the eyes of the law, both are non-compliant. It only takes a police officer having a bad day for you to be punished for 75mph, yet an officer on a good day may wave you on.

Breaking the law is breaking the law, no matter how close to the law you are. If you do break it, you risk ending up at the ICO’s ‘speed awareness course’.

Yes, I think we all agree it’s an obscure law, penalising those that use cookies effectively & harmlessly – enhancing the user’s experience, as well as gathering information to further improve customer understanding. It is law, so we can moan about it all we like but it’s inevitable and best to just get on with it.

Those trying to avoid this law are likely to go through a lengthy legal battle with the various data protection authorities in the EU.

Volume is providing solutions for our clients, and can help with yours too. If you have concerns over your compliance, get in touch to discuss how we can help.

For a review of the ICO’s guidelines click below:

ICO guidance.

*Some cookies are exempt from the law; however, these really are few and far between.

The data laws will be changing; are you prepared?

Data drives business, provides marketers with valuable insight about consumers and enables highly targeted communications and response-tracking of campaigns. With new developments and engagements around social media (see our social insight blog), it undoubtedly is evolving into a more powerful resource.

But isn’t ‘data’ still something that just geeks worry about? Surely its impact is negligible on professional marketers who are pushing the boundaries for creative, social and integrated campaigns?

Well, something is coming to the data world that will affect all of this.

It’s the new EU Data Protection Regulation. This new legislation will look to standardise the data-protection laws across the 27 EU member states including the UK.

But you’re not affected, right?
Wrong.

“EU Data Protection Regulation - DMA warns of fears it will damage UK businesses http://t.co/JXKi3wfD” (DMA UK, @DMA_UK)

Whilst still in draft format, this proposed legislation will, at best, be an extra headache for business and, at worst, could totally break the marketing model as we know it.

With this new regulation, we are going to have to rethink what we are doing and how we are doing it.


There will be even more emphasis on using an individual’s data only if they are happy for you to do so. The multi-billion-pound marketing industry that uses this information is of secondary importance.

Of particular interest in the new revision are the following categories:

Explicit

Piggybacking the oh-so-popular cookie law, consumers (and that includes business consumers) will have to give “explicit consent” for an organisation to use their personal data for marketing purposes – even if the consumer has had a previous interaction. So “inferred consent” will go out of the window. Clearly, if this consent can’t be proved, then potential contact databases will have to be scrapped and started again. And nobody wants that, right?

You never saw me, right?

Individuals will also be able to request the deletion of their data – in what’s called a “right to be forgotten”. This is the first proposed regulation to deal with social media and data protection, but will have far-reaching implications across all marketing activities. The additional administration of this, coupled with the impact of customer profiles and trends, will have both financial and planning implications.

Tell me about me

Right now, individuals can request a copy of their data.
Why aren’t we all inundated with these requests? Well, there is currently a nominal fee of £10 to obtain this information. It is proposed, however, that this fee will be scrapped – meaning that these requests are likely to come thick and fast.

When is a number not a number?

When it’s an IP address.

IP addresses are a digital marketer’s dream – they allow us to recognise users. This then means we can run analytics and analyse web behaviours.

Well, it now transpires that these IP addresses are considered personal data, even though they’re just numbers and you can’t communicate with people via an IP number.

Size matters

Companies with over 250 staff will need to have a designated data-protection officer.

Don’t panic just yet, though. The legislation is purely a draft at this stage. Bodies like the DMA will be fighting the corner for the industry and hope to make sure common sense prevails in some of these areas.

And realistically, by the time all the bickering about what is acceptable to all parties has died down and we have a new regulation, we may be three to four years down the line.

What is clear, however, is that change is happening, and whatever it entails, you should be prepared for a more transparent and open relationship with your data subjects. Those companies that will succeed are those that start planning and incorporating this into their activities now, not in four years’ time.

You can fight it, or accept the inevitable.

Is your organisation prepared for change?