SlideShare a Scribd company logo

Which way is the new cookie law starting to crumble

R
RobertMachin
Technology
1 of 3
Download to read offline
Which way is the new cookie law starting to crumble? We look back at some of our clients’ and the wider digital media industry’s approach to the new cookie laws which came into force in May this year. Quick recap. As from May, you can only place and access cookies and similar technologies (e.g. web tags, beacons, clear gifs) on a user’s machine if you have prior, specific, informed consent from that user to do so. There are only two exceptions: where the cookie is “strictly necessary” for performance of a service a user has requested, or where its sole purpose is to transmit communications over a network. The law covers both cookies you place and those placed by others through your sites, such as analytics applications and advertising networks. Knowledge is power. You probably need an audit. Very few businesses actually know what cookies are used throughout their sites (even if they think that they do at the outset). The results can be startling. Knowledge is not easy to acquire. There are lots of audit tools and service providers available, but not all of them are created equal. You need a reasonable amount of detail out of any review or audit in order to be apply to make decisions appropriately. Furthermore, even a good review or audit may leave you with awkward hangover questions. You need to make sure you have time to address these, if not immediately, then going forward. Don’t forget email! Tags are frequently used in email marketing. Make sure your current email practices are in scope for any review. The exceptions are narrow, but not as narrow as you might think. An EU body has produced guidance which has clarified what can be considered “strictly necessary” for performance of a service a user has requested. Some social media services are covered, but not all of them. Consent to what? A policy listing all cookies with descriptions of each one, or a rough overview by class? The former approach has probably received most support to date (it is more conservative), but since the International Chamber of Commerce issued some related guidance setting out classes of cookie, the latter approach has increasingly started to find favour. Any approach should be legally risk-weighted – the most intrusive cookies should receive most attention in your policy (although this can be scary if they are also the most important commercially). To “agree” or not to “agree”? The Information Commissioners Office has come out to confirm in general that consent can be implied. In practice, this means using a pop-up to flag the use of cookies on a site (you will have probably seen examples in your own browsing to date), which falls short of giving “I agree” and “I don’t agree” options. Some pretty powerful stats have been published about the commercial dangers of using an “I agree” mechanism with end users (many don’t agree!). Links alone? Many retailers have held fire on using any pop-ups because of user experience risks, and just gone with new site links (akin to the industry approach to privacy policies to date). Links are part of the cookie compliance landscape, but in isolation their use is far from ideal. Cookies are usually placed as soon as a user accesses a site; this needs to be flagged up straight away for consent to be validly implied. By comparison, a privacy policy normally becomes relevant on marketing sign up or a sale; a later process in which it can be (and should be) expressly flagged up. © DWF LLP 2012 4011277-3 /RQM
Which way is the new cookie law starting to crumble? Cookie management. Many sites are rolling out tools to manage cookies, even if initial consent is implied. A proliferation of approaches exists, but the basic concept is unquestionably correct: you are meant to empower a user so that they can withdraw their consent down the line if they want to. At present, you need to take action yourself in this area; it looks like the web browser industry is not going to come up with a solution in the medium term (some EU bodies are concerned that the US driven “Do not track” initiative will not meet the standards required by the new cookies law) If you do decide to roll-out your own cookie-management tool the site and business impact can be high, so any approach needs thinking through in full. There is a growing trend to use the International Chamber of Commerce’s recommended cookies classes as a basis, and give options so that a user can leave some cookies “on” (above those “strictly necessary”) and just turn “off” the most intrusive, ad-serving ones. Embedding customer preferences? If a user impliedly consents, how are you going to record this? Via a cookie on their machine? If so, this needs to be included in your policy. What happens if the cookie is later deleted by the user (either manually or on an automatic basis)? Do you want users being hit by repeat consent messages? If not, you might want to consider alternative technologies to record a user’s consent. Embedding change control in your business. It is one thing to embed the current position into your web estate; it is quite another to ensure any changes to your use of cookies is picked up and reflected in your consent mechanism. Think about what controls you need, and how these should be communicated. Do people need to know a little about the law to understand them? The challenge(s) of mobile sites. Don’t forget about them! They often take a different approach to your main site. Mobile is also a more challenging environment in which to present cookie information and seek consent. Should you consider developing a user-friendly approach for mobile and then rolling it out to your main site? Going EU-wide? The new cookie law is driven by an EU Directive. This means that each EU member state has some discretion in implementing its cookie laws, albeit from a common base. So if you have premises and websites outside the UK but within the EU you may have to grapple with multiple cookie laws which do not follow a completely consistent approach. That said, at present very few of the EU member states have rolled their new laws - the EU Commission is in the process of bringing fines – so you might have a breathing space for now. Going global? If your business operates outside the EU, don’t think the relevant part is automatically outside of the new cookie law. You need to consider the position carefully. The new laws do not distinguish between sites targeting EU citizens and those targeting people elsewhere. If your main place of business is in the UK, or your servers are here, you are likely to be caught. Is anyone going to punish me if I can’t be bothered? It is fair to say that the regulators have not come out all guns blazing to date, and there has been some noise to the effect that they do not see cookie compliance as a high priority. That said, they have extensive powers to investigate non- compliance, seek public undertakings from businesses to force improvements (which are embarrassing for board members to have to sign), and ultimately levy fines and bring criminal proceedings. Some businesses have deliberately “baited” the regulators, so a showdown is possible. Needless to say, we would not advocate doing nothing. The work involved in getting compliant is not © DWF LLP 2012 4011277-3 /RQM
Which way is the new cookie law starting to crumble? trivial but you wouldn’t want the additional hassle and expense involved in responding to a regulatory trivial regulatory investigation, even a gentle one (it is not quick or cheap to do). Where do you want your brand to be? The new cookie laws are just one part of the privacy cookie landscape and the market norm in this area are still emerging, but putting pure legal compliance to norms one side, it is hard to advocate stasis as a valid option if you are at all sensitive about your brand. It should come as no surprise that businesses with major brands – e.g. BT and John Lewis – have been come very proactive in their compliance and treated their approach with the same care and precision as you treated would expect of their main sales and advertising web pages. Ultimately, for a user concerned about pages. Ultimately, for their privacy, your cookies and privacy pages may be the only opportunity you have to win their privacy custom, so they are worth doing well. Interested in learning more? Feel free to give me a call or email using the details below. Robert Machin Associate Commercial & IP DD +44 (0)161 604 1676 (Ext. 1676) DF +44 (0)161 603 5050 M +44 (0)7827 950 415 DWF LLP 1 Scott Place 2 Hardman Street Manchester M3 3AA T +44 (0)161 603 5000 F +44 (0)161 603 5050 www.dwf.co.uk © DWF LLP 2012 4011277-3 4011277-3 /RQM

Recommended

The DMA conference 2012
The DMA conference 2012The DMA conference 2012
The DMA conference 2012Rachel Aldighieri
 
Do Not Track vs. Affiliate Marketing
Do Not Track vs. Affiliate MarketingDo Not Track vs. Affiliate Marketing
Do Not Track vs. Affiliate MarketingAffiliate Summit
 
Net Neutrality in Education
Net Neutrality in EducationNet Neutrality in Education
Net Neutrality in EducationCraig Geffre
 
DMA Cookies update
DMA Cookies updateDMA Cookies update
DMA Cookies updateRachel Aldighieri
 
Historia pc
Historia pcHistoria pc
Historia pcEdwin Vargas
 
как организовать исследования учащихся в учебных проектах в «е км-школе»
как организовать исследования учащихся в учебных проектах в «е км-школе»как организовать исследования учащихся в учебных проектах в «е км-школе»
как организовать исследования учащихся в учебных проектах в «е км-школе»Tatyana Voronova
 
Bergamo 2 dicembre Comunicazione
Bergamo 2 dicembre ComunicazioneBergamo 2 dicembre Comunicazione
Bergamo 2 dicembre ComunicazioneBarbieri & Associati Dottori Commercialisti - Bologna
 
Redes De Computadoras
Redes De ComputadorasRedes De Computadoras
Redes De Computadorasdiegohumberto
 

Recommended

The DMA conference 2012
The DMA conference 2012The DMA conference 2012
The DMA conference 2012Rachel Aldighieri
 
Do Not Track vs. Affiliate Marketing
Do Not Track vs. Affiliate MarketingDo Not Track vs. Affiliate Marketing
Do Not Track vs. Affiliate MarketingAffiliate Summit
 
Net Neutrality in Education
Net Neutrality in EducationNet Neutrality in Education
Net Neutrality in EducationCraig Geffre
 
DMA Cookies update
DMA Cookies updateDMA Cookies update
DMA Cookies updateRachel Aldighieri
 
Historia pc
Historia pcHistoria pc
Historia pcEdwin Vargas
 
как организовать исследования учащихся в учебных проектах в «е км-школе»
как организовать исследования учащихся в учебных проектах в «е км-школе»как организовать исследования учащихся в учебных проектах в «е км-школе»
как организовать исследования учащихся в учебных проектах в «е км-школе»Tatyana Voronova
 
Bergamo 2 dicembre Comunicazione
Bergamo 2 dicembre ComunicazioneBergamo 2 dicembre Comunicazione
Bergamo 2 dicembre ComunicazioneBarbieri & Associati Dottori Commercialisti - Bologna
 
Redes De Computadoras
Redes De ComputadorasRedes De Computadoras
Redes De Computadorasdiegohumberto
 
Tarres: presentación mesa "tramitación"
Tarres: presentación mesa "tramitación"Tarres: presentación mesa "tramitación"
Tarres: presentación mesa "tramitación"e-Kanal Tarrés
 
Huisarts, chronische zorg en ehealth nhg - cz dag januari 2012
Huisarts, chronische zorg en ehealth nhg - cz dag januari 2012Huisarts, chronische zorg en ehealth nhg - cz dag januari 2012
Huisarts, chronische zorg en ehealth nhg - cz dag januari 2012Jaco van Duivenboden
 
Robots
RobotsRobots
RobotsVostrikov Arkady
 
Maximas
MaximasMaximas
MaximasAna Isabel Sanchez Mercado
 
NGTEST - presentation title - 041219
NGTEST - presentation title - 041219NGTEST - presentation title - 041219
NGTEST - presentation title - 041219techweb08
 
Who wants to be millionaire
Who wants to be millionaireWho wants to be millionaire
Who wants to be millionairemireiasalo88
 
Maptitude - CALIPER - Compre com a SALDIT SOFTWAR
Maptitude - CALIPER - Compre com a SALDIT SOFTWARMaptitude - CALIPER - Compre com a SALDIT SOFTWAR
Maptitude - CALIPER - Compre com a SALDIT SOFTWARSaldit Software
 
Personal dl31
Personal dl31Personal dl31
Personal dl31noismart
 
Trabajo de sena
Trabajo de senaTrabajo de sena
Trabajo de senaruben-yelinsa-alenxer
 
Teories Etiques
Teories EtiquesTeories Etiques
Teories EtiquesDaniel Fernández
 
42 sia i circolare
42 sia i circolare42 sia i circolare
42 sia i circolareMimmo Ventrella
 
LIVRE BLANC - D'un système de santé curatif à un modèle préventif grâce aux o...
LIVRE BLANC - D'un système de santé curatif à un modèle préventif grâce aux o...LIVRE BLANC - D'un système de santé curatif à un modèle préventif grâce aux o...
LIVRE BLANC - D'un système de santé curatif à un modèle préventif grâce aux o...yann le gigan
 
Simpósio Hanseníase - Situação atual da hanseniase no Brasil e mundo - derma...
Simpósio Hanseníase - Situação atual da hanseniase no Brasil e mundo - derma...Simpósio Hanseníase - Situação atual da hanseniase no Brasil e mundo - derma...
Simpósio Hanseníase - Situação atual da hanseniase no Brasil e mundo - derma...lascounic
 
쿠알라룸푸프 여행가이드북 Kuala ebook
쿠알라룸푸프 여행가이드북 Kuala ebook쿠알라룸푸프 여행가이드북 Kuala ebook
쿠알라룸푸프 여행가이드북 Kuala ebook더존투어 (오케이골프투어)
 
Ruffles
RufflesRuffles
RufflesAsdrubal
 
Capitalismo
CapitalismoCapitalismo
CapitalismoYeimy SaHer
 
Tatiana - Aldana - Tatiana
Tatiana - Aldana - Tatiana Tatiana - Aldana - Tatiana
Tatiana - Aldana - Tatiana ProfSusanaEscobar
 
Ctc m1 b_v1_t
Ctc m1 b_v1_tCtc m1 b_v1_t
Ctc m1 b_v1_tconfidencial
 
HELADERIA ICE BEER
HELADERIA ICE BEERHELADERIA ICE BEER
HELADERIA ICE BEERpamelakittycampos
 
คำสั่งควบคุม
คำสั่งควบคุมคำสั่งควบคุม
คำสั่งควบคุมumaraporn
 
Cookie Law (Dwf 190511)
Cookie Law (Dwf 190511)Cookie Law (Dwf 190511)
Cookie Law (Dwf 190511)RobertMachin
 
Barclays
BarclaysBarclays
Barclayskedwards100
 

More Related Content

Viewers also liked

Tarres: presentación mesa "tramitación"
Tarres: presentación mesa "tramitación"Tarres: presentación mesa "tramitación"
Tarres: presentación mesa "tramitación"e-Kanal Tarrés
 
Huisarts, chronische zorg en ehealth nhg - cz dag januari 2012
Huisarts, chronische zorg en ehealth nhg - cz dag januari 2012Huisarts, chronische zorg en ehealth nhg - cz dag januari 2012
Huisarts, chronische zorg en ehealth nhg - cz dag januari 2012Jaco van Duivenboden
 
NGTEST - presentation title - 041219
NGTEST - presentation title - 041219NGTEST - presentation title - 041219
NGTEST - presentation title - 041219techweb08
 
Who wants to be millionaire
Who wants to be millionaireWho wants to be millionaire
Who wants to be millionairemireiasalo88
 
Maptitude - CALIPER - Compre com a SALDIT SOFTWAR
Maptitude - CALIPER - Compre com a SALDIT SOFTWARMaptitude - CALIPER - Compre com a SALDIT SOFTWAR
Maptitude - CALIPER - Compre com a SALDIT SOFTWARSaldit Software
 
Personal dl31
Personal dl31Personal dl31
Personal dl31noismart
 
LIVRE BLANC - D'un système de santé curatif à un modèle préventif grâce aux o...
LIVRE BLANC - D'un système de santé curatif à un modèle préventif grâce aux o...LIVRE BLANC - D'un système de santé curatif à un modèle préventif grâce aux o...
LIVRE BLANC - D'un système de santé curatif à un modèle préventif grâce aux o...yann le gigan
 
Simpósio Hanseníase - Situação atual da hanseniase no Brasil e mundo - derma...
Simpósio Hanseníase - Situação atual da hanseniase no Brasil e mundo - derma...Simpósio Hanseníase - Situação atual da hanseniase no Brasil e mundo - derma...
Simpósio Hanseníase - Situação atual da hanseniase no Brasil e mundo - derma...lascounic
 
คำสั่งควบคุม
คำสั่งควบคุมคำสั่งควบคุม
คำสั่งควบคุมumaraporn
 

Viewers also liked (20)

Tarres: presentación mesa "tramitación"
Tarres: presentación mesa "tramitación"Tarres: presentación mesa "tramitación"
Tarres: presentación mesa "tramitación"
 
Huisarts, chronische zorg en ehealth nhg - cz dag januari 2012
Huisarts, chronische zorg en ehealth nhg - cz dag januari 2012Huisarts, chronische zorg en ehealth nhg - cz dag januari 2012
Huisarts, chronische zorg en ehealth nhg - cz dag januari 2012
 
Robots
RobotsRobots
Robots
 
Maximas
MaximasMaximas
Maximas
 
NGTEST - presentation title - 041219
NGTEST - presentation title - 041219NGTEST - presentation title - 041219
NGTEST - presentation title - 041219
 
Who wants to be millionaire
Who wants to be millionaireWho wants to be millionaire
Who wants to be millionaire
 
Maptitude - CALIPER - Compre com a SALDIT SOFTWAR
Maptitude - CALIPER - Compre com a SALDIT SOFTWARMaptitude - CALIPER - Compre com a SALDIT SOFTWAR
Maptitude - CALIPER - Compre com a SALDIT SOFTWAR
 
Personal dl31
Personal dl31Personal dl31
Personal dl31
 
Trabajo de sena
Trabajo de senaTrabajo de sena
Trabajo de sena
 
Teories Etiques
Teories EtiquesTeories Etiques
Teories Etiques
 
42 sia i circolare
42 sia i circolare42 sia i circolare
42 sia i circolare
 
LIVRE BLANC - D'un système de santé curatif à un modèle préventif grâce aux o...
LIVRE BLANC - D'un système de santé curatif à un modèle préventif grâce aux o...LIVRE BLANC - D'un système de santé curatif à un modèle préventif grâce aux o...
LIVRE BLANC - D'un système de santé curatif à un modèle préventif grâce aux o...
 
Simpósio Hanseníase - Situação atual da hanseniase no Brasil e mundo - derma...
Simpósio Hanseníase - Situação atual da hanseniase no Brasil e mundo - derma...Simpósio Hanseníase - Situação atual da hanseniase no Brasil e mundo - derma...
Simpósio Hanseníase - Situação atual da hanseniase no Brasil e mundo - derma...
 
쿠알라룸푸프 여행가이드북 Kuala ebook
쿠알라룸푸프 여행가이드북 Kuala ebook쿠알라룸푸프 여행가이드북 Kuala ebook
쿠알라룸푸프 여행가이드북 Kuala ebook
 
Ruffles
RufflesRuffles
Ruffles
 
Capitalismo
CapitalismoCapitalismo
Capitalismo
 
Tatiana - Aldana - Tatiana
Tatiana - Aldana - Tatiana Tatiana - Aldana - Tatiana
Tatiana - Aldana - Tatiana
 
Ctc m1 b_v1_t
Ctc m1 b_v1_tCtc m1 b_v1_t
Ctc m1 b_v1_t
 
HELADERIA ICE BEER
HELADERIA ICE BEERHELADERIA ICE BEER
HELADERIA ICE BEER
 
คำสั่งควบคุม
คำสั่งควบคุมคำสั่งควบคุม
คำสั่งควบคุม
 

Similar to Which way is the new cookie law starting to crumble

Cookie Law (Dwf 190511)
Cookie Law (Dwf 190511)Cookie Law (Dwf 190511)
Cookie Law (Dwf 190511)RobertMachin
 
Kieon cookie law presentation Jan 2012
Kieon cookie law presentation Jan 2012Kieon cookie law presentation Jan 2012
Kieon cookie law presentation Jan 2012Kieon
 
Here comes the Cookie Monster
Here comes the Cookie MonsterHere comes the Cookie Monster
Here comes the Cookie MonsterBANNER
 
Greenlight digital marketing - when the digital cookie crumbles
Greenlight digital marketing - when the digital cookie crumblesGreenlight digital marketing - when the digital cookie crumbles
Greenlight digital marketing - when the digital cookie crumblesGreenlight Digital
 
A-Z Guide to Cookie Consent and Cookie Laws Around the World.pdf
A-Z Guide to Cookie Consent and Cookie Laws Around the World.pdfA-Z Guide to Cookie Consent and Cookie Laws Around the World.pdf
A-Z Guide to Cookie Consent and Cookie Laws Around the World.pdfAdzappier
 
Cookies and the EU privacy directive: what it means for you
Cookies and the EU privacy directive: what it means for youCookies and the EU privacy directive: what it means for you
Cookies and the EU privacy directive: what it means for youKWD Webranking
 
Cookies and the EU privacy directive: what it means for you
Cookies and the EU privacy directive: what it means for you Cookies and the EU privacy directive: what it means for you
Cookies and the EU privacy directive: what it means for you Comprend
 
Complying With The New Cookie Regime (April 2012)
Complying With The New Cookie Regime (April 2012)Complying With The New Cookie Regime (April 2012)
Complying With The New Cookie Regime (April 2012)Stuart Miller
 
eBusiness Club "Demystifying the EU Cookie Law presentation, Geldards
eBusiness Club "Demystifying the EU Cookie Law presentation, GeldardseBusiness Club "Demystifying the EU Cookie Law presentation, Geldards
eBusiness Club "Demystifying the EU Cookie Law presentation, GeldardsJon Egley
 
DMA North: The DMA legal update
DMA North: The DMA legal updateDMA North: The DMA legal update
DMA North: The DMA legal updateRachel Aldighieri
 
Cookie Consent and Authorized Data Collection_Mar23.pdf
Cookie Consent and Authorized Data Collection_Mar23.pdfCookie Consent and Authorized Data Collection_Mar23.pdf
Cookie Consent and Authorized Data Collection_Mar23.pdfAdzappier
 
A Marketer's Ultimate Guide to Web Cookies
A Marketer's Ultimate Guide to Web CookiesA Marketer's Ultimate Guide to Web Cookies
A Marketer's Ultimate Guide to Web CookiesAdRoll
 
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc
 
4Ps Cookies Legislation
4Ps Cookies Legislation4Ps Cookies Legislation
4Ps Cookies LegislationEllie_4Ps
 

Similar to Which way is the new cookie law starting to crumble (20)

Cookie Law (Dwf 190511)
Cookie Law (Dwf 190511)Cookie Law (Dwf 190511)
Cookie Law (Dwf 190511)
 
Barclays
BarclaysBarclays
Barclays
 
4 ps cookies
4 ps cookies4 ps cookies
4 ps cookies
 
Cookies Update
Cookies UpdateCookies Update
Cookies Update
 
Kieon cookie law presentation Jan 2012
Kieon cookie law presentation Jan 2012Kieon cookie law presentation Jan 2012
Kieon cookie law presentation Jan 2012
 
Here comes the Cookie Monster
Here comes the Cookie MonsterHere comes the Cookie Monster
Here comes the Cookie Monster
 
Cookies and European Union Law
Cookies and European Union LawCookies and European Union Law
Cookies and European Union Law
 
Greenlight digital marketing - when the digital cookie crumbles
Greenlight digital marketing - when the digital cookie crumblesGreenlight digital marketing - when the digital cookie crumbles
Greenlight digital marketing - when the digital cookie crumbles
 
A-Z Guide to Cookie Consent and Cookie Laws Around the World.pdf
A-Z Guide to Cookie Consent and Cookie Laws Around the World.pdfA-Z Guide to Cookie Consent and Cookie Laws Around the World.pdf
A-Z Guide to Cookie Consent and Cookie Laws Around the World.pdf
 
Cookies and the EU privacy directive: what it means for you
Cookies and the EU privacy directive: what it means for youCookies and the EU privacy directive: what it means for you
Cookies and the EU privacy directive: what it means for you
 
Cookies and the EU privacy directive: what it means for you
Cookies and the EU privacy directive: what it means for you Cookies and the EU privacy directive: what it means for you
Cookies and the EU privacy directive: what it means for you
 
Complying With The New Cookie Regime (April 2012)
Complying With The New Cookie Regime (April 2012)Complying With The New Cookie Regime (April 2012)
Complying With The New Cookie Regime (April 2012)
 
eBusiness Club "Demystifying the EU Cookie Law presentation, Geldards
eBusiness Club "Demystifying the EU Cookie Law presentation, GeldardseBusiness Club "Demystifying the EU Cookie Law presentation, Geldards
eBusiness Club "Demystifying the EU Cookie Law presentation, Geldards
 
DMA North: Legal Update
DMA North: Legal UpdateDMA North: Legal Update
DMA North: Legal Update
 
DMA North: The DMA legal update
DMA North: The DMA legal updateDMA North: The DMA legal update
DMA North: The DMA legal update
 
Cookie Consent and Authorized Data Collection_Mar23.pdf
Cookie Consent and Authorized Data Collection_Mar23.pdfCookie Consent and Authorized Data Collection_Mar23.pdf
Cookie Consent and Authorized Data Collection_Mar23.pdf
 
A Marketer's Ultimate Guide to Web Cookies
A Marketer's Ultimate Guide to Web CookiesA Marketer's Ultimate Guide to Web Cookies
A Marketer's Ultimate Guide to Web Cookies
 
What is GDPR ? by M32
What is GDPR ? by M32What is GDPR ? by M32
What is GDPR ? by M32
 
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
 
4Ps Cookies Legislation
4Ps Cookies Legislation4Ps Cookies Legislation
4Ps Cookies Legislation
 

Recently uploaded

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Recently uploaded (20)

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

Which way is the new cookie law starting to crumble

  • 1. Which way is the new cookie law starting to crumble? We look back at some of our clients’ and the wider digital media industry’s approach to the new cookie laws which came into force in May this year. Quick recap. As from May, you can only place and access cookies and similar technologies (e.g. web tags, beacons, clear gifs) on a user’s machine if you have prior, specific, informed consent from that user to do so. There are only two exceptions: where the cookie is “strictly necessary” for performance of a service a user has requested, or where its sole purpose is to transmit communications over a network. The law covers both cookies you place and those placed by others through your sites, such as analytics applications and advertising networks. Knowledge is power. You probably need an audit. Very few businesses actually know what cookies are used throughout their sites (even if they think that they do at the outset). The results can be startling. Knowledge is not easy to acquire. There are lots of audit tools and service providers available, but not all of them are created equal. You need a reasonable amount of detail out of any review or audit in order to be apply to make decisions appropriately. Furthermore, even a good review or audit may leave you with awkward hangover questions. You need to make sure you have time to address these, if not immediately, then going forward. Don’t forget email! Tags are frequently used in email marketing. Make sure your current email practices are in scope for any review. The exceptions are narrow, but not as narrow as you might think. An EU body has produced guidance which has clarified what can be considered “strictly necessary” for performance of a service a user has requested. Some social media services are covered, but not all of them. Consent to what? A policy listing all cookies with descriptions of each one, or a rough overview by class? The former approach has probably received most support to date (it is more conservative), but since the International Chamber of Commerce issued some related guidance setting out classes of cookie, the latter approach has increasingly started to find favour. Any approach should be legally risk-weighted – the most intrusive cookies should receive most attention in your policy (although this can be scary if they are also the most important commercially). To “agree” or not to “agree”? The Information Commissioners Office has come out to confirm in general that consent can be implied. In practice, this means using a pop-up to flag the use of cookies on a site (you will have probably seen examples in your own browsing to date), which falls short of giving “I agree” and “I don’t agree” options. Some pretty powerful stats have been published about the commercial dangers of using an “I agree” mechanism with end users (many don’t agree!). Links alone? Many retailers have held fire on using any pop-ups because of user experience risks, and just gone with new site links (akin to the industry approach to privacy policies to date). Links are part of the cookie compliance landscape, but in isolation their use is far from ideal. Cookies are usually placed as soon as a user accesses a site; this needs to be flagged up straight away for consent to be validly implied. By comparison, a privacy policy normally becomes relevant on marketing sign up or a sale; a later process in which it can be (and should be) expressly flagged up. © DWF LLP 2012 4011277-3 /RQM
  • 2. Which way is the new cookie law starting to crumble? Cookie management. Many sites are rolling out tools to manage cookies, even if initial consent is implied. A proliferation of approaches exists, but the basic concept is unquestionably correct: you are meant to empower a user so that they can withdraw their consent down the line if they want to. At present, you need to take action yourself in this area; it looks like the web browser industry is not going to come up with a solution in the medium term (some EU bodies are concerned that the US driven “Do not track” initiative will not meet the standards required by the new cookies law) If you do decide to roll-out your own cookie-management tool the site and business impact can be high, so any approach needs thinking through in full. There is a growing trend to use the International Chamber of Commerce’s recommended cookies classes as a basis, and give options so that a user can leave some cookies “on” (above those “strictly necessary”) and just turn “off” the most intrusive, ad-serving ones. Embedding customer preferences? If a user impliedly consents, how are you going to record this? Via a cookie on their machine? If so, this needs to be included in your policy. What happens if the cookie is later deleted by the user (either manually or on an automatic basis)? Do you want users being hit by repeat consent messages? If not, you might want to consider alternative technologies to record a user’s consent. Embedding change control in your business. It is one thing to embed the current position into your web estate; it is quite another to ensure any changes to your use of cookies is picked up and reflected in your consent mechanism. Think about what controls you need, and how these should be communicated. Do people need to know a little about the law to understand them? The challenge(s) of mobile sites. Don’t forget about them! They often take a different approach to your main site. Mobile is also a more challenging environment in which to present cookie information and seek consent. Should you consider developing a user-friendly approach for mobile and then rolling it out to your main site? Going EU-wide? The new cookie law is driven by an EU Directive. This means that each EU member state has some discretion in implementing its cookie laws, albeit from a common base. So if you have premises and websites outside the UK but within the EU you may have to grapple with multiple cookie laws which do not follow a completely consistent approach. That said, at present very few of the EU member states have rolled their new laws - the EU Commission is in the process of bringing fines – so you might have a breathing space for now. Going global? If your business operates outside the EU, don’t think the relevant part is automatically outside of the new cookie law. You need to consider the position carefully. The new laws do not distinguish between sites targeting EU citizens and those targeting people elsewhere. If your main place of business is in the UK, or your servers are here, you are likely to be caught. Is anyone going to punish me if I can’t be bothered? It is fair to say that the regulators have not come out all guns blazing to date, and there has been some noise to the effect that they do not see cookie compliance as a high priority. That said, they have extensive powers to investigate non- compliance, seek public undertakings from businesses to force improvements (which are embarrassing for board members to have to sign), and ultimately levy fines and bring criminal proceedings. Some businesses have deliberately “baited” the regulators, so a showdown is possible. Needless to say, we would not advocate doing nothing. The work involved in getting compliant is not © DWF LLP 2012 4011277-3 /RQM
  • 3. Which way is the new cookie law starting to crumble? trivial but you wouldn’t want the additional hassle and expense involved in responding to a regulatory trivial regulatory investigation, even a gentle one (it is not quick or cheap to do). Where do you want your brand to be? The new cookie laws are just one part of the privacy cookie landscape and the market norm in this area are still emerging, but putting pure legal compliance to norms one side, it is hard to advocate stasis as a valid option if you are at all sensitive about your brand. It should come as no surprise that businesses with major brands – e.g. BT and John Lewis – have been come very proactive in their compliance and treated their approach with the same care and precision as you treated would expect of their main sales and advertising web pages. Ultimately, for a user concerned about pages. Ultimately, for their privacy, your cookies and privacy pages may be the only opportunity you have to win their privacy custom, so they are worth doing well. Interested in learning more? Feel free to give me a call or email using the details below. Robert Machin Associate Commercial & IP DD +44 (0)161 604 1676 (Ext. 1676) DF +44 (0)161 603 5050 M +44 (0)7827 950 415 DWF LLP 1 Scott Place 2 Hardman Street Manchester M3 3AA T +44 (0)161 603 5000 F +44 (0)161 603 5050 www.dwf.co.uk © DWF LLP 2012 4011277-3 4011277-3 /RQM