In May 2012, the legality of gathering and analyzing visitor data via cookies in the European Union (EU) will change – at least in the UK. This marks a significant shift in the digital marketing environment. The following sections describe the details of the directive as they pertain to website owners operating in EU countries. We also offer recommendations on how to address the implications for online marketing efforts and close with a list of resources for further research.
What is a Cookie?
A cookie is a piece of code that is entered into the memory of one’s Internet browser. It is used for an origin website to send state information to a user’s browser and for the browser to return the state information to the origin site. The state information can be used for authentication, identification of a user session, user’s preferences, shopping cart contents, or anything else that can be accomplished through storing text data on the user’s computer.
The Directive in Short
The EU passed a policy requiring individual EU countries to draft and enforce an anti-cookie law that requires all websites to get explicit approval from users before enabling cookies related to the user’s visit. Companies are also required to provide a detailed explanation of all cookies on the site. After reviewing this, users either accept or reject all cookies – they cannot choose which to enable. Penalties for violation can cost £500,000, or roughly $796,000.
- Any cookie required for site functionality is exempt from the law, including shopping cart or login persistent cookies, for example.
The EU directive is not an enforceable law in and of itself, rather a requirement that each EU country draft and enforce its own law. Currently, the UK is the only country that has set a compliance date. Denmark and Estonia have also indicated that they will be enforcing the law, but no details have been released.
The most important action is to consult with your legal team to determine whether you are liable, based on your international presence. As marketers, we are not offering legal advice; rather, we wish to inform you of the law as we understand it and highly encourage that you seek legal assistance. If you are liable to comply with the law, be sure you fully understand the name and function of each cookie on your site and have developed corresponding descriptions for visitor use. Due to the gray areas inherent in international online laws, be sure to carefully study the risks and your responsibilities in relation to the law. Once you are aware of the risks, defining your approach and method of compliance is vital.
Aside from the clear financial risk of the fine, companies also face considerable risks in accountability, tracking and reporting on online tactics. All website analytics tools operate on cookies, which could be a substantial drop in trackable traffic. The ICO has already reported a 90% drop in measurable traffic, which indicates that only one in ten users actually opted in to cookies. This drop in measurable visibility means a decrease in reliable data for online marketers. Finally, with the enforcement laws varying per country, companies will have to be aware of the legal implications in every nation in which they operate. This will be a challenging and costly endeavor.
If you have specific questions, feel free to participate in the comments below. We would be happy to share further information! You can also review some of our sources: