Connect with the DMA…• The #tag for this event is: #dmalegal• LinkedIn: DMA: Direct Marketing Association (UK) Limited• Twitter: @DMA_UK/ @DMANorth• DMA Website: http://www.dma.org.uk• Email: email@example.com or firstname.lastname@example.org• Phone: 020 7291 3300 or 0161 918 6722
Today’s agenda• 13.30 – 13:50 Registration and Coffee• 13.50 – 13.55 Event Introduction• 13.55 – 14.25 Cookies – Are you ready?• 14.25 – 15.00 Data Protection• 15.00 – 15:30 Hot Industry Issues• 15.30 – 15:50 Coffee Break• 15:50 – 16:50 Postal Affairs• 16:50 – 17:00 Panel Debate and Close
DMA North Legal UpdateTuesday 17th April 2012 Caroline RobertsDirector of Public Affairs Janine Paterson DMA Solicitor
Cookies – Are You Ready? DMA North Legal Update 17th April 2012
Covering• 26th May?• What does the law require?• Whats the ICO saying?• What steps should you have been taking?• What steps have some already taken?• What impact are these changes likely to have?• OBA
26th May• Information Commissioner recognised the inevitable upheaval for the online industry• Granted a grace period until 26th May 2012• ICO wanted companies to: – Audit what cookies they use – Plan for how they are going to obtain consent
What does the law require?• The EUs revised privacy and communications directive came into force on 26 May 2011• For clarity the EU laws have been in place since 2003 and always required anyone using cookies to provide clear information about them.• The changes in May dramatically tightened the rules: now, anyone depositing cookies is required not just to provide clear information about them but also to obtain consent from users to store a cookie on their device.• Technically all firms must comply with the law but in the UK we have until end May 2012 to ensure we are compliant
The law doesn’t just cover cookies• The law isn’t actually about cookies, but because it affects them so much people have started calling it the ‘Cookie Law’• The law covers all technologies which store information in the “terminal equipment" of a user, and that includes so- called Flash cookies (Locally Stored Objects), HTML5 Local Storage, web beacons or bugs…and more• This applies to email and mobile marketing too!
This is what the law requires:• A person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.• (2) The requirements are that the subscriber or user of that terminal equipment- • is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and • has given his or her consent.• There is an exception to the requirement to provide information about cookies and obtain consent where the use of the cookie is: • for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or • where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.
In practiceThose setting cookies must:• tell people that the cookies are there,• explain what the cookies are doing, and• obtain their consent to store a cookie on their device.
Two exemptions from consentrequirement• 1. “use of cookie is for the sole purpose of carrying out the transmission of a communication over an electronic communications network“• 2. “cookies that are strictly necessary for the provision of a service” – e.g. internet banking, online shopping carts, website log-ins
What’s the ICO saying?• On 13 Dec 2011 the ICO issued his half-term report on how things are going.• His verdict, he wrote, "can be summed up by the schoolteachers favourite clichés: could do better and must try harder. A report that listed the URLs of sites that were perfectly compliant from day one would be very short indeed. This is not a surprise to anyone who recognises that redeveloping and redesigning is no easy task.“
Take some comfort …• “The guidance we’ve issued today builds on the advice we’ve already set out, and now includes specific practical examples of what compliance might look like. We’re half way through the lead-in to formal enforcement of the rules. But, come 26 May next year, when our 12 month grace period ends, there will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there.”
Check what type of cookies you use• This might have to be a comprehensive audit of your website or it could be as simple as checking what data files are placed on user terminals and why.• You should analyse which cookies are strictly necessary and might not need consent.• You might also use this as an opportunity to ‘clean up’ your webpages and stop using any cookies that are unnecessary or which have been superseded as your site has evolved• And also check that you have identified ALL your websites.
Assess how intrusive your use ofcookies is• ….It might be useful to think of this in terms of a sliding scale, with privacy neutral cookies at one end of the scale and more intrusive uses of the technology at the other.• You can then focus your efforts on achieving compliance appropriately providing more information and offering more detailed choices at the intrusive end of the scale.
Decide how to obtain consent• Once you know what you do, how you do it and for what purpose, you need to think about the best method for gaining consent.• The more privacy intrusive your activity, the more you will need to do to get meaningful consent…. – Pop-up box – Splash page – Landing page – Webpage header, banner or scrolling text – Through T&Cs for registered website users – Cannot currently rely on users’ browser settings!
What visible (and other) steps havesome taken?• Google awareness campaign – Good to know• Redbridge Media• BBC• DCMS
What impact will all this have?• A large number of services may only be offered – free of charge – because their providers finance them by means of advertising and behavioural targeting has proved to be the most efficient method of advertising on the Internet.• In other words, many services that are available on the Internet could not be offered at all or at least not free of charge, if they were not financed by advertising.
Impact?• There are other sites that demonstrate the potential impact in a humorous way including David Naylor’s site …
Online Behavioural Advertising rules on cookies will affect OBA Retargeting of relevant mes s age (eg Profile built up fas hion) FashionC ons umer’s journey over Musica week News Car insurance
Online Behavioural Advertising• European industry working group developing pan- European framework, working with Commission• EASA Best Practice Recommendation on OBA adopted• Possible use of icon as indication to consumer, to give greater transparency and control over OBA, thereby complying with requirements of PECR.• Self-regulation on complaints – by ASA & counterparts in EU Member States – UK industry working through Advertising Association on a recommendation to CAP
Education Education Education• PWC Research commissioned by DCMA in February 2011 found that…• 41% of those surveyed were unaware of any of the different types of cookies (first party, third party, Flash/Local Storage). Only 50% were aware of first party cookies.• Only 13% indicated that they fully understood how cookies work, 37% had heard of internet cookies but did not understand how they worked and 2% of people had never heard of internet cookies.• 37% said they did not know how to manage cookies on their computer
In conclusion• Issues surrounding implementation of regulation for email and mobile marketing still a grey area. ICO guidance?• ICC Guide on cookies issued this month.• Getting it wrong could result in adverse commercial impact – and regulatory intervention?• The rules of engagement online WILL change – How is up to you.
Draft EU Data Protection Regulation• Where are we now• Background to the proposal• Key points in the proposed Regulation• DMA lobbying
Where are we now?• European Commission published draft Data Protection Regulation 25th January 2012• Consultation process since May 2009• Ministry of Justice Call for Evidence Jan-Feb 2012• Jan 2012 – 2014?? – European legislative process• ?? 2016 – New Regulation in force
Why revise the framework now?1995 European Directive ( implemented into UK by 1998 Data Protection Act ) showing its age due to:1) Law doesn’t take account of new technologies – and more complex information networks: interconnected data rather than held in databases2) Lack of common European law and differences in national implementation3) Consumer concern over privacy – high profile data security breaches, etc.
Key points in the draft Regulation Opt-in and opt–out - obtaining consent• General rule for direct marketing – “explicit consent by clear statement or affirmative action” . Much more prescriptive.• Possible legitimate interests exemption ?• Legacy databases – what about data collected under current law?• At worst, if consent cannot be proved, whole databases could be scrapped.• At odds with existing rules on voice calls, email and SMS marketing• Would almost certainly lead to requirements for increased opt-in mechanisms Increased burdens on business Decrease in functionality of many consumer- friendly services
Key points in the draft RegulationIP addresses and cookies• Definition of personal data extended so could cover some IP addresses and cookies• But IP addresses identify a device not an individual + some IPs are general, e.g. in a library or internet cafe• Huge implications for digital marketers• Web analytics & profiling made much more difficult, if not impossible• Interaction with new cookie rules
Key points in the draft Regulation The right to be forgotten• Right for individuals to request organisations to delete any information held on them• Drafted with social media in mind – but goes beyond this• For dm, there is an obligation to suppress, rather than delete, i.e. “need to keep to remember to forget”.• Also problem of information which has already been passed on to third parties• Possibility of misleading consumers by raising unrealistic expectations• Need to strike more reasonable balance between consumer expectations and limiting use of data for legitimate business purposes.• A possibility that dm might be OK - but this needs to be clarified
Key points in the draft RegulationData Breach notification• Every organisation that suffers a data security breach would have to notify Information Commissioner’s Office and the individuals concerned within 24 hours• Not always obvious if there has been a breach or how extensive it is• Problem of notification fatigue, so individuals could fail to take action when it is necessary to do so.• No threshold level specified.
Key points in the draft RegulationSubject Access Requests• Data subjects to be able to request full information on data held on them free of any charge• Currently can levy a £10 fee – doesn’t cover cost but deters time-wasters, frivolous or vexatious requests.• Costs organisations £50 million p.a. now to meet SARs• Proposal that can provide data in electronic form if data subject agrees to this
Key points in the draft Regulation- Marketing to Children• General rule – parental consent required for under 18’s• Exception for online marketing to children under age of 13• No flexibility – a risk-based approach would be better.
Key points in the draft Regulation Compliance obligations• Data protection obligations now shared between agencies and clients, for example if holding client’s database• Appointment of designated Data Protection Officer for organisations with 250+ staff• Accountability/Privacy by Design/Privacy by Default• Increase in fines/sanctions – in stages, of up to 2% of global turnover or 1 million euros• International transfers of data outside EEA – law would apply to any processing of data or EU citizens. Not always possible to tell.
EU Draft Data Protection Regulation• A major concern is that much of the detail of the Regulation will be implemented through additional delegated legislation – some 45 Delegated Acts are mentioned.• Details of this secondary legislation will not be clear until Regulation passed• These areas of secondary legislation will include: • powers to specify further procedures • technical standards for Privacy by Design/Default • specification of lawful processing condition • additional responsibilities for national data protection authorities; etc.• European Commission will be taking significant powers to itself away from the national authorities - raises serious issues of subsidiarity and accountability
EU Draft Data Protection Regulation- DMA View• DMA welcomes the Commission’s aim to reduce red tape and simplify bureaucracy – but proposals do not achieve that: overly strict, bureaucratic and unworkable• Hard to say how Commission’s estimate of 2.3 billion euros saving to businesses was calculated• Needs to be a fair balance between privacy and legitimate business interests• Current proposals will stifle innovation, add considerably to business costs and place unnecessary obstacle to e-commerce jobs growth• Will be particularly harmful to SMEs
What the DMA is doing• DMA working on this since European Commission began review in 2009; responding to European Commission consultations and participating in stakeholder sessions.• Federation of European Direct and Interactive Marketing Associations (FEDMA) in Brussels leading collective EU dm effort – UK DMA chairs Legal Affairs Committee• Lobbied Commission intensively after unofficial draft leaked in Dec 2011 – with some success• Responded to Ministry of Justice’s Calls For Evidence in 2010 and 2012, with input from DMA members.• Now lobbying UK Government and European institutions as the proposal goes through the European legislative process• Leading UK Data Industry Group response to the proposed legislation & participating in CBI Group on Data• Key research on consumer attitudes to privacy and on the economic value of the dm industry
Other legislative areas• London 2012 Olympic Games• Consumer Rights legislation• Marketing to children• Telemarketing• Financial services• Alcohol marketing• Environment
London 2012 Olympic andParalympic Games• Begins 27th July 2012 and ends on 12 Aug 2012.• Legal restrictions on marketing and advertising around Games to protect sponsors’ investment and prevent ambush marketing• Covers all media - print, direct, outdoor, TV, radio, video, cinema, ambient, & online advertising (inc. Google Adwords)
Rights protection• Honouring commitments to the IOC & IPC• Preserving the long term reputation and value of the Olympic and Paralympics brands• Protecting commercial partners’ investment in the Games - protecting the Olympic brand is central to funding the Games
Do’s and don’ts• Do respect the investment made by sponsors to gain an exclusive right of association to the Games• Don’t suggest an association between your product or services and the Games or London 2012 – this includes: • Using protected symbols, motto, words, etc. as to likely to create in the public mind an association • Marketing materials and sales promotions • Internal corporate marketing • Employee engagement activities• See www.london2012.com
Consequences of infringement• Priority is to ensure infringing promotion is stopped via cease and desist requests• LOCOG (and the BOA/BPA) are entitled to seek: • damages • an account of profits • an injunction • orders for delivery up of goods etc.
Consumer LandscapeMOJ/BIS – A Common Sales Law for the EU – call for evidence• European Commission have long talked of a European sales law as the solution to the challenges of differing national laws across the EU. A common sales law to kick-start the economy in the single market• EC issued consultation on 11th October 2011• Call for evidence issued on 28th February running to 21st May• UK Government are not convinced that the benefits will be as significant as the EC believes and they feel that there may be costs to business that have not been considered.• Government needs views to form policy and help their negotiations in Europe
Consumer LandscapeBIS Enhancing Consumer Confidence through Effective Enforcement• Powers of enforcement bodies are spread across around 60 pieces of legislation causing confusion for both businesses and enforcers. Consulting on proposals in 5 areas: – Consolidating and simplifying consumer law powers into a generic set; – Improving cross boundary cooperation and authorisation; – Encouraging proportionate enforcement by removing barriers to the use of civil enforcement; – More flexible qualification and competency requirements; – Enabling competition in the calibration of measurement standards market
Marketing to children• General political concern about over- commercialisation• Bailey Review on Commercialisation and Sexualisation of Childhood – “Letting Children Be Children” - report published 6th June 2011• Says role and practice of advertising in broadly good shape – praises industry initiatives, e.g. CHECK• 5 key recommendations: • Sexual imagery on billboards, magazine covers, • No under-16 brand ambassadors & peer to peer techniques • Harmonisation of the age of a child at 16 • Website for parents to complain • Improving industry and regulatory understanding of parental concerns
Marketing to children – industryresponse• Children’s Panel set up to monitor advertising to children and take forward issues of concern• Parent Port – gateway portal for parents for information, advice, complaints, etc.• Research - Credos, Advertising Association think tank• UK Brand Ambassador and Peer-to-Peer Marketing Pledge:• Agreed principle that “ Young people under the age of 16 should not be employed directly or indirectly paid or paid-in-kind to actively promote brands, products, goods, services, causes or ideas to their peers, associates or friends”• 30+ national company signatories + 13 trade associations, including DMA• Industry awareness campaigns
Telemarketing• OFCOM issued consultation 4th April on Simplifying Non-geographic Numbers - Detailed proposals on the unbundled tariff and Freephone http://stakeholders.ofcom.org.uk/consultations/simpli• Non-geographic numbers include 03, 080, 0845,0870, 083/4, 0871/2/3, 09 and 118 numbers. These numbers are used to call businesses and Government agencies, to get information, make payments for services and vote on TV shows. Nearly every consumer and every company in the country uses these numbers in some way.
TelemarketingThe system does not work for consumers – issues include: – Confusion about the price: People are confused about what these numbers mean and how much calls cost. As a result, they lack confidence and trust in these services. – Even freephone is not clear cut: It is not free on most mobile services and this is leading to consumers having doubts about the cost on landlines (where is it normally free) – Concerns about revenue sharing: A lack of transparency and high charges by some phone companies means many customers have suspicions that they are deliberately being exploited by companies, being held on the line unnecessarily for example. This is unduly causing consumers to restrict calls to these numbers - reducing the benefit to companies of using them.
Telemarketing• Main proposals: – Freephone: (080 and 116 numbers) to be free from all telephones, landline and mobile; – 03: to become the only non-geographic number range linked to the price of a call to a geographic number (i.e. the 01/02 number ranges); – Revenue sharing ranges: (084, 087, 09 and 118 numbers -where a portion of the retail charge is passed back to the receiver of the call) are to have a common simplified structure.• Consultation closes 27th June 2012
Financial Services• EU Gender Directive – In force 21st December 2012 – ECJ ruled 1st March 2011 that gender sensitive pricing is contrary to the principle of equal treatment in EU law – Therefore gender neutral pricing will become the norm – Unisex premiums would see the lower-risk gender paying more to subsidise the high-risk gender
Financial Services – consumer credit• Consumer Credit in limbo? – Investigations into payday loans and payment protection insurance have raised the issue of standards in the consumer credit market – BIS Committee of MPs has called for tighter controls on debt management companies and payday lenders • Outline timetable within 6 months to decide whether control of consumer credit will go to Financial Conduct Authority • Charge higher licensing fees for higher risk credit businesses • Put in place a fast track procedure to suspend credit licences • Give the regulator the power to ban harmful products
Alcohol• Government issued its Alcohol strategy on 23rd March• Focus on pricing issues• Positive comments on the work of self-regulation• Following this, the Commons Health Committee have announced it will hold an inquiry into the Governments’ proposals• The inquiry will look at: – The effects of marketing on alcohol consumption, in particular in relation to children and young people. – International evidence of the most effective interventions for reducing consumption of alcohol and evidence of any successful programmes to reduce harmful drinking, such as: – Public health interventions such as education and information; – Reducing the strength of alcoholic beverages; – Raising the legal drinking age; and – Plain packaging and marketing bans.
Environment• The DMA and Defra signed a Responsibility Deal in 2011.• Part of this was the introduction of a new website where householders can opt-out of receiving all types of advertising mail.• Aim to reduce the amount of unwanted advertising mail put through the letterbox• Doorstop Preference Service is ready to launch – awaiting final Defra input
Any Questionsemail@example.com 7291 firstname.lastname@example.org 7291 3356 DMA members can contact DMA Legal Department for free advice: by email: email@example.com or call: 020 7291 3300
Postal RegulationWhat is changing and the implicationsAlex Walsh17th April 2012
Background• Postal Services Act 2000 – Set up Postcomm, Postwatch – “universal service” – Removal of monopoly• Postal Services Act 2011 – Prepare for private ownership • State Aid – pensions, loans • Postcomm Ofcom • “Commercial return” on Universal Service
OFCOM• “Light touch” regulation – Commercial freedom – Ex anteEx post – Protect the Universal Service• Consultations – Securing the Universal Postal Service – Review of Regulatory conditions – Decisions published 27th March
What is changing?Price control•Postcomm formula – Too complex – Ineffective•OFCOM decision – No price control – Except for 2nd class letters, some packets
What is changing?Price Control - implications•Royal Mail have commercial freedom – “opportunity pricing” not cost related – More scope for individual contracts, sales etc – Ability to negotiate?•VAT – HMRC rules state only exempt if – Part of Universal Service – Or subject to price control
What is changing?Terms and conditions From 2nd April Universal service products eg 3 months notice of price 1 month’s notice of price stamped and metered mail changes changes 3 months notice of changes to 1 month’s notice of price terms and conditions changes Regulatory approval of “non “Fair and reasonable” terms and beneficial” changes conditions for universal servicesRoyal Mail “retail” eg products 3 months notice of price changes Nonebought directly from Royal Mailincluding all bulk mail products 3 months notice of changes to None terms and conditions Regulatory approval of “non No requirement beneficial” changes
What is changing?Terms and conditions - implications•Pricing changes could be more frequent•Product specifications changed at shortnotice – “beneficial and non-beneficial”•No formal appeals process
What is changing?Return to sender•Currently in product specs but norequirement•Chargeable option in future?Quality of Service•No obligation to do this for servicesoutside Universal service•Will RM continue?•Will they make public?•Research and private monitoring?
VAT• Historically post VAT exempt• TNT challenge – ECJ ruling • “Services for the public good” • Individually negotiated prices – HMRC interpretation • USO exempt • Services subject to price control• DSA “Agency agreements”
VAT• Some services already subject to VAT• RM “Retail” services outside USO subject to VAT from 27/3/2012 – All bulk mail – Standard account mail• RM “Wholesale” subject to some “price control” – 2nd class letters and large letters VAT exempt
VAT Royal Mail Retail Royal Mail WholesaleSubject to VAT All bulk mail. All services except “standard” 2nd class letters All standard account mail and large letters Business mail. Packets through account, Packetpost, Packetsort. Response services International contract services to EU countriesVAT Exempt 1st and 2nd class stamped mail. Metered “standard” ie 2nd class letters and large letters mail through single piece account. Special delivery not through account.
VAT mitigation• RM “single piece” account• DSA competitors – but only 2nd class letters/large letters• Beware of “single source”! – Used with VAT exempt print – What is an “ancillary” service? – Supply of “goods” or “service” – Risk of severe penalties!
Summary• Postal Market very different after April – Scale and pace of change• More complex but opportunities for postal users• Help and advice available
We hope you enjoyed today’s session Presentations will be emailed to you tomorrow. A final thank you to all of today’s speakers: Janine Paterson, DMA Caroline Roberts, DMA Alex Walsh, DMAPlease return your completed evaluation forms and badges to the registration desk we look forward to seeing you again!