The document discusses the revised EU ePrivacy Directive and its implications. The Directive requires informed consent for cookies and other technologies, replacing previous "notice and opt out" requirements. It impacts all organizations doing business digitally in the EU. While intended to empower consumers, a strict interpretation could detrimentally impact internet advertising, publishing, commerce and consumers. The UK has adopted a pragmatic compliance approach focused on transparency, prominence and context. Businesses should understand the changes, be transparent in communications, prominently display consent options, consider usage context, and join self-regulatory programs.

1. Preparing for the revised ePrivacy Directive
26 April 2012

2. Our Challenge
 The revised EU ePrivacy Directive is part of a broader policy debate about
privacy.
 It is a debate about the evolution of the digital environment - and how it
aims to benefit the citizen, business, government and the public sector.
 The UK has the most advanced internet economy in the world (Boston
Consulting Group). We are the most advanced ‘digital citizens’ in the world
(Ofcom).
 This continued success depends upon the use of data, enabling consumers
to access tailored content, services and applications.
 But this must be used responsibly and transparently to empower the
consumer.

3. What is the ePrivacy Directive?
 The revised EU ePrivacy Directive is part of a broader piece of European
legislation – the EU Electronic Communications Framework.
 Implemented into UK law in May 2011 – the revised Privacy & Electronic
Communications Regulations 2011.
 New law replaces ‘notice and opt out’ requirements for cookies and other
technologies with a requirement to obtain informed consent.
 There is an exemption for when uses are “strictly necessary” for the service
explicitly requested by the user (eg shopping baskets).
 Revised Directive needs to be implemented into the national laws of each EU
country.
 Many haven’t done it yet – and there are also different transpositions.

4. What does it mean?
 The new law goes beyond advertising and impacts every organisation – big
or small – doing business in a digital environment (online and mobile).
 It is not just about ‘cookies’. It applies to all technologies used to store /
process information (on a user’s device).
 A strict interpretation (ie opt in) would have a detrimental impact upon the
internet – to advertising, to publishing, to commerce, to consumers!
 The UK Government recognises that the new law is a “well meaning
regulation that will be very difficult to work in practice”.
 It has adopted a pragmatic approach – enshrined in the ICO’s guidance.
 There are good examples of what you should consider.

5. So, what should you be doing to comply?
 There are five key things that businesses should be doing in working
towards compliance:
1. Know what’s going on!
2. Be clear and transparent.
3. Deliver prominence.
4. Context is king!
5. Join the EU advertising self-regulation programme (icon etc).
www.youronlinechoices.eu/goodpractice.html.
 You can see the full five step guide at: www.iabuk.net/blog/tackling-the-
eprivacy-conundrum.

6. Thanks!
nick@iabuk.net
www.iabuk.net/policy
www.twitter.com/nickstringer