SlideShare a Scribd company logo

Meeting the challenges of new Eprivacy laws

B2B Marketing
B2B Marketing

Since it became part of UK law in May 2011, the EU "ePrivacy" Directive 2009/136/EC has caused shockwaves across the digital marketing community. What are the key points in the new laws for B2B marketers? Do they cover more than just cookies? Is it possible to make sense of what the regulators are saying about how to comply? And what strategies should marketers be deploying to stay out of the courts? Get the answers to these and other important questions during this session.

BusinessTechnology
1 of 23
Download to read offline
B2B Marketing Conference 2011 Meeting the challenges of new ePrivacy laws Stephen Groom November 2011
osborneclarke.com Agenda • Quick context • Cookie law update • Impact on Online Behavioural Advertising (OBA) • The UK's position (plus the latest from Europe) • Practical steps • Increased penalties and don't forget….. • A quick look into the future 1
osborneclarke.com Quick context • Data Protection Act 1998 • Privacy and Electronic Communications (EC Directive) Regulations 2003 • Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 • in force since 26 May 2011 2
Cookie confusion – Where are we, how did we get here and what on earth to do?
osborneclarke.com What are cookies? • Text files, stored in the web browser on your computer and used by websites to ‘recognise’ the computer • Delivered when your web browser accesses an online service • Each cookie is specific to both: • a particular website that issues it; and • A particular computer (or more specifically, the browser on a particular computer) that requests the content • The same cookie is exchanged constantly as website content is accessed, enabling the website to recognise a browser that has previously visited the website • See http://www.whatarecookies.com/ for more details 4
osborneclarke.com What is behavioural advertising? "…online behavioral advertising means the tracking of a consumer’s online activities over time – including the searches the consumer has conducted, the web pages visited, and the content viewed – in order to deliver advertising targeted to the individual consumer’s interests." Source: Federal Trade Commission Staff Report (February 2009): "Self-Regulatory Principles For Online Behavioral Advertising" 5
osborneclarke.com Common types of OBA 1. First party OBA (the Amazon approach) • Publisher places cookies on its own website Intrusiveness / risk spectrum • Collects behaviour information about interests and likes Less Less • Uses information to target adverts on its own website only intrusive risk 2. Third party OBA (the AdSense approach) • OBA provider places tracks visitors to partnering websites • Collects behaviour information about interests and likes • Uses information to target adverts on other partnering websites 3. ISP traffic monitoring (the Phorm approach) • OBA provider intercepts user data traffic passing through ISP • Collects behaviour information about interests and likes More More intrusive risk • Uses information to target adverts on partnering websites 6
osborneclarke.com OBA: What are the legal issues? - There's a lot more to think about than just the cookie laws 1. Consumer Protection from Unfair Trading Regulations 2008 • lack of disclosure could be an "unfair commercial practice" • see OFT Market Study on Online Targeting of Advertising and Prices 2 Data Protection Act 1998 • does OBA data (e.g. IP addresses) qualify as "personal data"? • if so, "fair and lawful processing" requirements apply eg enhanced notice • if sensitive personal data is involved, explicit consent requirements 3 Privacy and Electronic Communications ("PEC") Regulations 2003 also regulate • location data • traffic data • spam / SMS marketing 4 Which brings us to the saga of the EU's cookie rules…! 7
osborneclarke.com Cookie Law Development 2002 Directive on Privacy + Electronic Communications ("PEC") includes specific tracking technology provisions 2003 PEC Regulations confirm opt out obligation where technology used to store or access information on terminal Late 2009 EC surprisingly amends equipment. PEC Directive to require user consent to tracking technology. Deadline for member state implementation May 2011 Cue furious lobbying by internet advertising industry 2010 Article 29 Working Party opine that prior opt in consent a requirement before May 2011 UK implements PEC cookies used in OBA amendment Regulations requiring user to have given consent but allowing for browser settings to be used to do so. May 2012 UK deadline for compliance with new cookie law. 8
osborneclarke.com Snapshot: Who has implemented? 9 9
osborneclarke.com Snapshot: Opt in/out patchwork 10 10
osborneclarke.com Cookie highway code chaos - The UK position Unless strictly necessary for …. placement of .. requires user consent cookies on a to have been obtained service provision…. device ..... • ICO interpretation of • Any device and • Browser setting strictly necessary any technology - exception likely to be narrower PCs, laptops, • Active consent than commercial mobile devices teams smart meters…… • Timing • PEC fines – £0.5m max 11
osborneclarke.com The "Industry' Response" • Self regulatory initiative to try to ward off explicit opt in • A broad coalition inc. IAB,EASA, DMA and ISBA. Signed by 90+ leading stakeholders • All agree to adhere to a 6 Principle "Framework" • Receivers of behaviourally targeted and retargeted ads alerted by a "uniform pictogram" or "icon" • When clicked on it gives info re: what OBA is, how it works and how Your Online Choices site can be used to opt out • Not yet expressly approved by ICO or EC 12
osborneclarke.com ICO's Position • "We remain to be convinced that [the use of privacy i symbol] amounts to consent" – David Smith, Deputy IC 22/9/11 • Moratorium on enforcement until May 2012 • But only if you're seen to be considering your approach "If ICO were to receive a complaint about a website, we would expect an organisation's response to set out how they have considered [the new rules] and that they have a realistic plan to achieve compliance" "You cannot ignore these new rules" 13
osborneclarke.com So what should businesses be doing now? • Audit use of cookies • Cookies necessary for the provision of requested services • Probably OK to continue but provide clear information e.g why cookies essential for security in context of online banking services • Useful but intrusive cookies • eg third party behavioural cookies • ICO: "the most challenging area". Browser settings will not provide a solution as yet • Do everything you can to get right info to users and allow them to make informed choices 14
osborneclarke.com So what should businesses be doing now? • Set up a cross-functional task force (IT/digital, Legal, Compliance, PR, Marketing) to devise an action plan and…. • Inform and educate internally • Ensure customer facing staff know what to say in reply to customer queries • Make easy and immediate changes e.g. add an update to your privacy policy such as:. "With regard to the new requirements on cookies after the revision of the e-Privacy Directive, we are working towards implementing the new requirements in line with official guidance" 15
osborneclarke.com More ICO suggestions as to what businesses should be doing now • "Feature-led consent" cookies used when user chooses a particular feature such as watching a video clip. If user is taking action to agree to the functionality being "switched on", provided it is made clear that "certain things will happen" by choosing to take a particular action then this can be interpreted as consent. • Functional/"first party" uses analytical/behavioural cookie collecting info about how people access and use the site. Make disclosures about this more prominent e.g. place highlighted text in web page footer or header or which turns into scrolling text when you want to set a cookie. This could prompt the user to read further info eg via the site privacy pages and make available choices 16
osborneclarke.com New cookie laws - unanswered questions • Marketing emails that drop cookies Clearly caught by the new PEC Regs but no DCMS or ICO Guidance currently deals • International issues 17
osborneclarke.com Increased penalties and don't forget… • In serious cases a fine of up to £500,000 for … • A breach of any provision of the Privacy and Electronic Communications Regulations including: – opt in rules for email and text marketing – do not call telemarketing rules – opt in rules for use of location data for marketing – opt in rules for sending pre-recorded marketing messages by automated calling systems • Don’t forget Reg 7 of the Ecommerce Regs 2002 18
osborneclarke.com In 12 Months Everything Will Look Different • EC likely to announce revisions in Q1 2012 • Directive or Regulation? • Possible changes • Accountability • Data Protection Officer requirement? • Privacy by design • Data breach notification • Currently only: Fin Services + Telecoms plus random territories for specific classes of data • Data portability • Right to be forgotten • Data transfers made easier? Safe harbor approach • Notifications and other bureaucracy to be scrapped? 19
osborneclarke.com New regulator powers? • Currently ICO only has "You know that ICO is not the Gestapo. Yet I don't have statutory powers to carry out audits in audit powers over public those sectors causing me the most concern. sector organisations Something is clearly wrong when the regulator has to ask permission from the organisation causing us concern before we can audit their data protection • But it can suggest to a practices" private company that an Christopher Graham audit might be a good idea Information Commissioner October 2011 • in lieu of immediate At a Privacy Law & Business conference enforcement (eg Google) 20
osborneclarke.com Useful source materials • www.marketinglaw.co.uk • ICO's Personal Information Online Code of Conduct • IAB Europe "European Self-Regulation for Online Behavioural Advertising" • DCMS paper "Implementing the revised EU Electronic Communications Framework" • ICO: "Changes to the rules on using cookies and similar technologies for storing information" 21
osborneclarke.com Any questions? Stephen Groom Head of Marketing & Privacy Law Osborne Clarke London T +44 (0) 207 105 7078 M +44 (0) 207 105 7079 stephen.groom@osborneclarke.com www.marketinglaw.co.uk 22

Recommended

EU Cookie Directive Report On Compliance In The UK And Ireland
EU Cookie Directive Report On Compliance In The UK And IrelandEU Cookie Directive Report On Compliance In The UK And Ireland
EU Cookie Directive Report On Compliance In The UK And IrelandKrishna De
 
International Chamber Of Commerce UK - EU Cookie Directive Guide
International Chamber Of Commerce UK - EU Cookie Directive GuideInternational Chamber Of Commerce UK - EU Cookie Directive Guide
International Chamber Of Commerce UK - EU Cookie Directive GuideKrishna De
 
Cookies and the EU privacy directive: what it means for you
Cookies and the EU privacy directive: what it means for you Cookies and the EU privacy directive: what it means for you
Cookies and the EU privacy directive: what it means for you Comprend
 
E-privacy Directive and Performance Marketing - Andrew Tibber
E-privacy Directive and Performance Marketing - Andrew TibberE-privacy Directive and Performance Marketing - Andrew Tibber
E-privacy Directive and Performance Marketing - Andrew Tibberauexpo Conference
 
How to use Facebook Live to bring your brand to life
How to use Facebook Live to bring your brand to lifeHow to use Facebook Live to bring your brand to life
How to use Facebook Live to bring your brand to lifeKrishna De
 
8 steps for excellent B2B CX (customer experience)
8 steps for excellent B2B CX (customer experience)8 steps for excellent B2B CX (customer experience)
8 steps for excellent B2B CX (customer experience)B2B Marketing
 
B2B Summit 2016 - Technology industry
B2B Summit 2016 - Technology industry B2B Summit 2016 - Technology industry
B2B Summit 2016 - Technology industry B2B Marketing
 
B2B Summit 2016 - Manufacturing industry
B2B Summit 2016 - Manufacturing industry B2B Summit 2016 - Manufacturing industry
B2B Summit 2016 - Manufacturing industry B2B Marketing
 

Recommended

EU Cookie Directive Report On Compliance In The UK And Ireland
EU Cookie Directive Report On Compliance In The UK And IrelandEU Cookie Directive Report On Compliance In The UK And Ireland
EU Cookie Directive Report On Compliance In The UK And IrelandKrishna De
 
International Chamber Of Commerce UK - EU Cookie Directive Guide
International Chamber Of Commerce UK - EU Cookie Directive GuideInternational Chamber Of Commerce UK - EU Cookie Directive Guide
International Chamber Of Commerce UK - EU Cookie Directive GuideKrishna De
 
Cookies and the EU privacy directive: what it means for you
Cookies and the EU privacy directive: what it means for you Cookies and the EU privacy directive: what it means for you
Cookies and the EU privacy directive: what it means for you Comprend
 
E-privacy Directive and Performance Marketing - Andrew Tibber
E-privacy Directive and Performance Marketing - Andrew TibberE-privacy Directive and Performance Marketing - Andrew Tibber
E-privacy Directive and Performance Marketing - Andrew Tibberauexpo Conference
 
How to use Facebook Live to bring your brand to life
How to use Facebook Live to bring your brand to lifeHow to use Facebook Live to bring your brand to life
How to use Facebook Live to bring your brand to lifeKrishna De
 
8 steps for excellent B2B CX (customer experience)
8 steps for excellent B2B CX (customer experience)8 steps for excellent B2B CX (customer experience)
8 steps for excellent B2B CX (customer experience)B2B Marketing
 
B2B Summit 2016 - Technology industry
B2B Summit 2016 - Technology industry B2B Summit 2016 - Technology industry
B2B Summit 2016 - Technology industry B2B Marketing
 
B2B Summit 2016 - Manufacturing industry
B2B Summit 2016 - Manufacturing industry B2B Summit 2016 - Manufacturing industry
B2B Summit 2016 - Manufacturing industry B2B Marketing
 
B2B Summit 2016 - Finance industry
B2B Summit 2016 - Finance industry B2B Summit 2016 - Finance industry
B2B Summit 2016 - Finance industry B2B Marketing
 
Andrew Rogerson, Managing director, Grist and Nathan Hambrook-Skinner, direc...
Andrew Rogerson, Managing director, Grist and Nathan Hambrook-Skinner, direc...Andrew Rogerson, Managing director, Grist and Nathan Hambrook-Skinner, direc...
Andrew Rogerson, Managing director, Grist and Nathan Hambrook-Skinner, direc...B2B Marketing
 
1130 Heidi Taylor Heidimarketing
1130 Heidi Taylor Heidimarketing1130 Heidi Taylor Heidimarketing
1130 Heidi Taylor HeidimarketingB2B Marketing
 
1425 1455 Peter Isaacson Demandbase
1425 1455 Peter Isaacson Demandbase1425 1455 Peter Isaacson Demandbase
1425 1455 Peter Isaacson DemandbaseB2B Marketing
 
1500 1530 Alana Griffths and Alex Gill Harte Hanks
1500 1530 Alana Griffths and Alex Gill Harte Hanks1500 1530 Alana Griffths and Alex Gill Harte Hanks
1500 1530 Alana Griffths and Alex Gill Harte HanksB2B Marketing
 
James foulkes, director and co founder, kingpin
James foulkes, director and co founder, kingpinJames foulkes, director and co founder, kingpin
James foulkes, director and co founder, kingpinB2B Marketing
 
John Webb, marketing director (EMEA), Spiceworks
John Webb, marketing director (EMEA), SpiceworksJohn Webb, marketing director (EMEA), Spiceworks
John Webb, marketing director (EMEA), SpiceworksB2B Marketing
 
1500 1530 Simon Morris, Adobe
1500 1530 Simon Morris, Adobe1500 1530 Simon Morris, Adobe
1500 1530 Simon Morris, AdobeB2B Marketing
 
1500 1530 Fiona Shepherd and Sinead Woodley, April Six
1500 1530 Fiona Shepherd and Sinead Woodley, April Six1500 1530 Fiona Shepherd and Sinead Woodley, April Six
1500 1530 Fiona Shepherd and Sinead Woodley, April SixB2B Marketing
 
Jon moger, Aruba
Jon moger, ArubaJon moger, Aruba
Jon moger, ArubaB2B Marketing
 
1130 1210 Tim Hughes, oracle
1130 1210 Tim Hughes, oracle1130 1210 Tim Hughes, oracle
1130 1210 Tim Hughes, oracleB2B Marketing
 
0940 Jeremy Bevan, Cisco
0940 Jeremy Bevan, Cisco0940 Jeremy Bevan, Cisco
0940 Jeremy Bevan, CiscoB2B Marketing
 
0940 Peter thomas accenture
0940 Peter thomas accenture0940 Peter thomas accenture
0940 Peter thomas accentureB2B Marketing
 
BEST PRACTICE: Just for you - How to drive better engagement with localisatio...
BEST PRACTICE: Just for you - How to drive better engagement with localisatio...BEST PRACTICE: Just for you - How to drive better engagement with localisatio...
BEST PRACTICE: Just for you - How to drive better engagement with localisatio...B2B Marketing
 
CASE STUDY: How insights on your customer’s end consumers can help your B2B s...
CASE STUDY: How insights on your customer’s end consumers can help your B2B s...CASE STUDY: How insights on your customer’s end consumers can help your B2B s...
CASE STUDY: How insights on your customer’s end consumers can help your B2B s...B2B Marketing
 
BEST PRACTICE: Building long-term relationships with data & customer insights
BEST PRACTICE: Building long-term relationships with data & customer insightsBEST PRACTICE: Building long-term relationships with data & customer insights
BEST PRACTICE: Building long-term relationships with data & customer insightsB2B Marketing
 
BEST PRACTICE: How to be insightful: a storyteller’s guide to developing the ...
BEST PRACTICE: How to be insightful: a storyteller’s guide to developing the ...BEST PRACTICE: How to be insightful: a storyteller’s guide to developing the ...
BEST PRACTICE: How to be insightful: a storyteller’s guide to developing the ...B2B Marketing
 
BEST PRACTICE: Who owns social selling?
BEST PRACTICE: Who owns social selling?BEST PRACTICE: Who owns social selling?
BEST PRACTICE: Who owns social selling?B2B Marketing
 
CASE STUDY: Know what you’re talking about – How outstanding content won us a...
CASE STUDY: Know what you’re talking about – How outstanding content won us a...CASE STUDY: Know what you’re talking about – How outstanding content won us a...
CASE STUDY: Know what you’re talking about – How outstanding content won us a...B2B Marketing
 
BEST PRACTICE: The seven types of B2B copywriter – And how the wrong one can ...
BEST PRACTICE: The seven types of B2B copywriter – And how the wrong one can ...BEST PRACTICE: The seven types of B2B copywriter – And how the wrong one can ...
BEST PRACTICE: The seven types of B2B copywriter – And how the wrong one can ...B2B Marketing
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Americas Got Grants
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 

More Related Content

More from B2B Marketing

B2B Summit 2016 - Finance industry
B2B Summit 2016 - Finance industry B2B Summit 2016 - Finance industry
B2B Summit 2016 - Finance industry B2B Marketing
 
Andrew Rogerson, Managing director, Grist and Nathan Hambrook-Skinner, direc...
Andrew Rogerson, Managing director, Grist and Nathan Hambrook-Skinner, direc...Andrew Rogerson, Managing director, Grist and Nathan Hambrook-Skinner, direc...
Andrew Rogerson, Managing director, Grist and Nathan Hambrook-Skinner, direc...B2B Marketing
 
1130 Heidi Taylor Heidimarketing
1130 Heidi Taylor Heidimarketing1130 Heidi Taylor Heidimarketing
1130 Heidi Taylor HeidimarketingB2B Marketing
 
1425 1455 Peter Isaacson Demandbase
1425 1455 Peter Isaacson Demandbase1425 1455 Peter Isaacson Demandbase
1425 1455 Peter Isaacson DemandbaseB2B Marketing
 
1500 1530 Alana Griffths and Alex Gill Harte Hanks
1500 1530 Alana Griffths and Alex Gill Harte Hanks1500 1530 Alana Griffths and Alex Gill Harte Hanks
1500 1530 Alana Griffths and Alex Gill Harte HanksB2B Marketing
 
James foulkes, director and co founder, kingpin
James foulkes, director and co founder, kingpinJames foulkes, director and co founder, kingpin
James foulkes, director and co founder, kingpinB2B Marketing
 
John Webb, marketing director (EMEA), Spiceworks
John Webb, marketing director (EMEA), SpiceworksJohn Webb, marketing director (EMEA), Spiceworks
John Webb, marketing director (EMEA), SpiceworksB2B Marketing
 
1500 1530 Simon Morris, Adobe
1500 1530 Simon Morris, Adobe1500 1530 Simon Morris, Adobe
1500 1530 Simon Morris, AdobeB2B Marketing
 
1500 1530 Fiona Shepherd and Sinead Woodley, April Six
1500 1530 Fiona Shepherd and Sinead Woodley, April Six1500 1530 Fiona Shepherd and Sinead Woodley, April Six
1500 1530 Fiona Shepherd and Sinead Woodley, April SixB2B Marketing
 
1130 1210 Tim Hughes, oracle
1130 1210 Tim Hughes, oracle1130 1210 Tim Hughes, oracle
1130 1210 Tim Hughes, oracleB2B Marketing
 
0940 Jeremy Bevan, Cisco
0940 Jeremy Bevan, Cisco0940 Jeremy Bevan, Cisco
0940 Jeremy Bevan, CiscoB2B Marketing
 
0940 Peter thomas accenture
0940 Peter thomas accenture0940 Peter thomas accenture
0940 Peter thomas accentureB2B Marketing
 
BEST PRACTICE: Just for you - How to drive better engagement with localisatio...
BEST PRACTICE: Just for you - How to drive better engagement with localisatio...BEST PRACTICE: Just for you - How to drive better engagement with localisatio...
BEST PRACTICE: Just for you - How to drive better engagement with localisatio...B2B Marketing
 
CASE STUDY: How insights on your customer’s end consumers can help your B2B s...
CASE STUDY: How insights on your customer’s end consumers can help your B2B s...CASE STUDY: How insights on your customer’s end consumers can help your B2B s...
CASE STUDY: How insights on your customer’s end consumers can help your B2B s...B2B Marketing
 
BEST PRACTICE: Building long-term relationships with data & customer insights
BEST PRACTICE: Building long-term relationships with data & customer insightsBEST PRACTICE: Building long-term relationships with data & customer insights
BEST PRACTICE: Building long-term relationships with data & customer insightsB2B Marketing
 
BEST PRACTICE: How to be insightful: a storyteller’s guide to developing the ...
BEST PRACTICE: How to be insightful: a storyteller’s guide to developing the ...BEST PRACTICE: How to be insightful: a storyteller’s guide to developing the ...
BEST PRACTICE: How to be insightful: a storyteller’s guide to developing the ...B2B Marketing
 
BEST PRACTICE: Who owns social selling?
BEST PRACTICE: Who owns social selling?BEST PRACTICE: Who owns social selling?
BEST PRACTICE: Who owns social selling?B2B Marketing
 
CASE STUDY: Know what you’re talking about – How outstanding content won us a...
CASE STUDY: Know what you’re talking about – How outstanding content won us a...CASE STUDY: Know what you’re talking about – How outstanding content won us a...
CASE STUDY: Know what you’re talking about – How outstanding content won us a...B2B Marketing
 
BEST PRACTICE: The seven types of B2B copywriter – And how the wrong one can ...
BEST PRACTICE: The seven types of B2B copywriter – And how the wrong one can ...BEST PRACTICE: The seven types of B2B copywriter – And how the wrong one can ...
BEST PRACTICE: The seven types of B2B copywriter – And how the wrong one can ...B2B Marketing
 

More from B2B Marketing (20)

B2B Summit 2016 - Finance industry
B2B Summit 2016 - Finance industry B2B Summit 2016 - Finance industry
B2B Summit 2016 - Finance industry
 
Andrew Rogerson, Managing director, Grist and Nathan Hambrook-Skinner, direc...
Andrew Rogerson, Managing director, Grist and Nathan Hambrook-Skinner, direc...Andrew Rogerson, Managing director, Grist and Nathan Hambrook-Skinner, direc...
Andrew Rogerson, Managing director, Grist and Nathan Hambrook-Skinner, direc...
 
1130 Heidi Taylor Heidimarketing
1130 Heidi Taylor Heidimarketing1130 Heidi Taylor Heidimarketing
1130 Heidi Taylor Heidimarketing
 
1425 1455 Peter Isaacson Demandbase
1425 1455 Peter Isaacson Demandbase1425 1455 Peter Isaacson Demandbase
1425 1455 Peter Isaacson Demandbase
 
1500 1530 Alana Griffths and Alex Gill Harte Hanks
1500 1530 Alana Griffths and Alex Gill Harte Hanks1500 1530 Alana Griffths and Alex Gill Harte Hanks
1500 1530 Alana Griffths and Alex Gill Harte Hanks
 
James foulkes, director and co founder, kingpin
James foulkes, director and co founder, kingpinJames foulkes, director and co founder, kingpin
James foulkes, director and co founder, kingpin
 
John Webb, marketing director (EMEA), Spiceworks
John Webb, marketing director (EMEA), SpiceworksJohn Webb, marketing director (EMEA), Spiceworks
John Webb, marketing director (EMEA), Spiceworks
 
1500 1530 Simon Morris, Adobe
1500 1530 Simon Morris, Adobe1500 1530 Simon Morris, Adobe
1500 1530 Simon Morris, Adobe
 
1500 1530 Fiona Shepherd and Sinead Woodley, April Six
1500 1530 Fiona Shepherd and Sinead Woodley, April Six1500 1530 Fiona Shepherd and Sinead Woodley, April Six
1500 1530 Fiona Shepherd and Sinead Woodley, April Six
 
Jon moger, Aruba
Jon moger, ArubaJon moger, Aruba
Jon moger, Aruba
 
1130 1210 Tim Hughes, oracle
1130 1210 Tim Hughes, oracle1130 1210 Tim Hughes, oracle
1130 1210 Tim Hughes, oracle
 
0940 Jeremy Bevan, Cisco
0940 Jeremy Bevan, Cisco0940 Jeremy Bevan, Cisco
0940 Jeremy Bevan, Cisco
 
0940 Peter thomas accenture
0940 Peter thomas accenture0940 Peter thomas accenture
0940 Peter thomas accenture
 
BEST PRACTICE: Just for you - How to drive better engagement with localisatio...
BEST PRACTICE: Just for you - How to drive better engagement with localisatio...BEST PRACTICE: Just for you - How to drive better engagement with localisatio...
BEST PRACTICE: Just for you - How to drive better engagement with localisatio...
 
CASE STUDY: How insights on your customer’s end consumers can help your B2B s...
CASE STUDY: How insights on your customer’s end consumers can help your B2B s...CASE STUDY: How insights on your customer’s end consumers can help your B2B s...
CASE STUDY: How insights on your customer’s end consumers can help your B2B s...
 
BEST PRACTICE: Building long-term relationships with data & customer insights
BEST PRACTICE: Building long-term relationships with data & customer insightsBEST PRACTICE: Building long-term relationships with data & customer insights
BEST PRACTICE: Building long-term relationships with data & customer insights
 
BEST PRACTICE: How to be insightful: a storyteller’s guide to developing the ...
BEST PRACTICE: How to be insightful: a storyteller’s guide to developing the ...BEST PRACTICE: How to be insightful: a storyteller’s guide to developing the ...
BEST PRACTICE: How to be insightful: a storyteller’s guide to developing the ...
 
BEST PRACTICE: Who owns social selling?
BEST PRACTICE: Who owns social selling?BEST PRACTICE: Who owns social selling?
BEST PRACTICE: Who owns social selling?
 
CASE STUDY: Know what you’re talking about – How outstanding content won us a...
CASE STUDY: Know what you’re talking about – How outstanding content won us a...CASE STUDY: Know what you’re talking about – How outstanding content won us a...
CASE STUDY: Know what you’re talking about – How outstanding content won us a...
 
BEST PRACTICE: The seven types of B2B copywriter – And how the wrong one can ...
BEST PRACTICE: The seven types of B2B copywriter – And how the wrong one can ...BEST PRACTICE: The seven types of B2B copywriter – And how the wrong one can ...
BEST PRACTICE: The seven types of B2B copywriter – And how the wrong one can ...
 

Recently uploaded

Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Americas Got Grants
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Pereraictsugar
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdfShaun Heinrichs
 
Welding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsWelding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsIndiaMART InterMESH Limited
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdfChris Skinner
 
WSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfWSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfJamesConcepcion7
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterJamesConcepcion7
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdfChris Skinner
 
EUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersEUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersPeter Horsten
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
business environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxbusiness environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxShruti Mittal
 
Send Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.comSendBig4
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024Adnet Communications
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Peter Ward
 
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...ssuserf63bd7
 

Recently uploaded (20)

Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf
 
Welding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsWelding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan Dynamics
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf
 
WSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfWSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdf
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare Newsletter
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
 
EUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersEUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exporters
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
business environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxbusiness environment micro environment macro environment.pptx
business environment micro environment macro environment.pptx
 
Send Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.com
 
WAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdfWAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdf
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...
 
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
 

Meeting the challenges of new Eprivacy laws

  • 1. B2B Marketing Conference 2011 Meeting the challenges of new ePrivacy laws Stephen Groom November 2011
  • 2. osborneclarke.com Agenda • Quick context • Cookie law update • Impact on Online Behavioural Advertising (OBA) • The UK's position (plus the latest from Europe) • Practical steps • Increased penalties and don't forget….. • A quick look into the future 1
  • 3. osborneclarke.com Quick context • Data Protection Act 1998 • Privacy and Electronic Communications (EC Directive) Regulations 2003 • Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 • in force since 26 May 2011 2
  • 4. Cookie confusion – Where are we, how did we get here and what on earth to do?
  • 5. osborneclarke.com What are cookies? • Text files, stored in the web browser on your computer and used by websites to ‘recognise’ the computer • Delivered when your web browser accesses an online service • Each cookie is specific to both: • a particular website that issues it; and • A particular computer (or more specifically, the browser on a particular computer) that requests the content • The same cookie is exchanged constantly as website content is accessed, enabling the website to recognise a browser that has previously visited the website • See http://www.whatarecookies.com/ for more details 4
  • 6. osborneclarke.com What is behavioural advertising? "…online behavioral advertising means the tracking of a consumer’s online activities over time – including the searches the consumer has conducted, the web pages visited, and the content viewed – in order to deliver advertising targeted to the individual consumer’s interests." Source: Federal Trade Commission Staff Report (February 2009): "Self-Regulatory Principles For Online Behavioral Advertising" 5
  • 7. osborneclarke.com Common types of OBA 1. First party OBA (the Amazon approach) • Publisher places cookies on its own website Intrusiveness / risk spectrum • Collects behaviour information about interests and likes Less Less • Uses information to target adverts on its own website only intrusive risk 2. Third party OBA (the AdSense approach) • OBA provider places tracks visitors to partnering websites • Collects behaviour information about interests and likes • Uses information to target adverts on other partnering websites 3. ISP traffic monitoring (the Phorm approach) • OBA provider intercepts user data traffic passing through ISP • Collects behaviour information about interests and likes More More intrusive risk • Uses information to target adverts on partnering websites 6
  • 8. osborneclarke.com OBA: What are the legal issues? - There's a lot more to think about than just the cookie laws 1. Consumer Protection from Unfair Trading Regulations 2008 • lack of disclosure could be an "unfair commercial practice" • see OFT Market Study on Online Targeting of Advertising and Prices 2 Data Protection Act 1998 • does OBA data (e.g. IP addresses) qualify as "personal data"? • if so, "fair and lawful processing" requirements apply eg enhanced notice • if sensitive personal data is involved, explicit consent requirements 3 Privacy and Electronic Communications ("PEC") Regulations 2003 also regulate • location data • traffic data • spam / SMS marketing 4 Which brings us to the saga of the EU's cookie rules…! 7
  • 9. osborneclarke.com Cookie Law Development 2002 Directive on Privacy + Electronic Communications ("PEC") includes specific tracking technology provisions 2003 PEC Regulations confirm opt out obligation where technology used to store or access information on terminal Late 2009 EC surprisingly amends equipment. PEC Directive to require user consent to tracking technology. Deadline for member state implementation May 2011 Cue furious lobbying by internet advertising industry 2010 Article 29 Working Party opine that prior opt in consent a requirement before May 2011 UK implements PEC cookies used in OBA amendment Regulations requiring user to have given consent but allowing for browser settings to be used to do so. May 2012 UK deadline for compliance with new cookie law. 8
  • 12. osborneclarke.com Cookie highway code chaos - The UK position Unless strictly necessary for …. placement of .. requires user consent cookies on a to have been obtained service provision…. device ..... • ICO interpretation of • Any device and • Browser setting strictly necessary any technology - exception likely to be narrower PCs, laptops, • Active consent than commercial mobile devices teams smart meters…… • Timing • PEC fines – £0.5m max 11
  • 13. osborneclarke.com The "Industry' Response" • Self regulatory initiative to try to ward off explicit opt in • A broad coalition inc. IAB,EASA, DMA and ISBA. Signed by 90+ leading stakeholders • All agree to adhere to a 6 Principle "Framework" • Receivers of behaviourally targeted and retargeted ads alerted by a "uniform pictogram" or "icon" • When clicked on it gives info re: what OBA is, how it works and how Your Online Choices site can be used to opt out • Not yet expressly approved by ICO or EC 12
  • 14. osborneclarke.com ICO's Position • "We remain to be convinced that [the use of privacy i symbol] amounts to consent" – David Smith, Deputy IC 22/9/11 • Moratorium on enforcement until May 2012 • But only if you're seen to be considering your approach "If ICO were to receive a complaint about a website, we would expect an organisation's response to set out how they have considered [the new rules] and that they have a realistic plan to achieve compliance" "You cannot ignore these new rules" 13
  • 15. osborneclarke.com So what should businesses be doing now? • Audit use of cookies • Cookies necessary for the provision of requested services • Probably OK to continue but provide clear information e.g why cookies essential for security in context of online banking services • Useful but intrusive cookies • eg third party behavioural cookies • ICO: "the most challenging area". Browser settings will not provide a solution as yet • Do everything you can to get right info to users and allow them to make informed choices 14
  • 16. osborneclarke.com So what should businesses be doing now? • Set up a cross-functional task force (IT/digital, Legal, Compliance, PR, Marketing) to devise an action plan and…. • Inform and educate internally • Ensure customer facing staff know what to say in reply to customer queries • Make easy and immediate changes e.g. add an update to your privacy policy such as:. "With regard to the new requirements on cookies after the revision of the e-Privacy Directive, we are working towards implementing the new requirements in line with official guidance" 15
  • 17. osborneclarke.com More ICO suggestions as to what businesses should be doing now • "Feature-led consent" cookies used when user chooses a particular feature such as watching a video clip. If user is taking action to agree to the functionality being "switched on", provided it is made clear that "certain things will happen" by choosing to take a particular action then this can be interpreted as consent. • Functional/"first party" uses analytical/behavioural cookie collecting info about how people access and use the site. Make disclosures about this more prominent e.g. place highlighted text in web page footer or header or which turns into scrolling text when you want to set a cookie. This could prompt the user to read further info eg via the site privacy pages and make available choices 16
  • 18. osborneclarke.com New cookie laws - unanswered questions • Marketing emails that drop cookies Clearly caught by the new PEC Regs but no DCMS or ICO Guidance currently deals • International issues 17
  • 19. osborneclarke.com Increased penalties and don't forget… • In serious cases a fine of up to £500,000 for … • A breach of any provision of the Privacy and Electronic Communications Regulations including: – opt in rules for email and text marketing – do not call telemarketing rules – opt in rules for use of location data for marketing – opt in rules for sending pre-recorded marketing messages by automated calling systems • Don’t forget Reg 7 of the Ecommerce Regs 2002 18
  • 20. osborneclarke.com In 12 Months Everything Will Look Different • EC likely to announce revisions in Q1 2012 • Directive or Regulation? • Possible changes • Accountability • Data Protection Officer requirement? • Privacy by design • Data breach notification • Currently only: Fin Services + Telecoms plus random territories for specific classes of data • Data portability • Right to be forgotten • Data transfers made easier? Safe harbor approach • Notifications and other bureaucracy to be scrapped? 19
  • 21. osborneclarke.com New regulator powers? • Currently ICO only has "You know that ICO is not the Gestapo. Yet I don't have statutory powers to carry out audits in audit powers over public those sectors causing me the most concern. sector organisations Something is clearly wrong when the regulator has to ask permission from the organisation causing us concern before we can audit their data protection • But it can suggest to a practices" private company that an Christopher Graham audit might be a good idea Information Commissioner October 2011 • in lieu of immediate At a Privacy Law & Business conference enforcement (eg Google) 20
  • 22. osborneclarke.com Useful source materials • www.marketinglaw.co.uk • ICO's Personal Information Online Code of Conduct • IAB Europe "European Self-Regulation for Online Behavioural Advertising" • DCMS paper "Implementing the revised EU Electronic Communications Framework" • ICO: "Changes to the rules on using cookies and similar technologies for storing information" 21
  • 23. osborneclarke.com Any questions? Stephen Groom Head of Marketing & Privacy Law Osborne Clarke London T +44 (0) 207 105 7078 M +44 (0) 207 105 7079 stephen.groom@osborneclarke.com www.marketinglaw.co.uk 22