Inside EU Cookie Laws

What it is: The UK’s Privacy and Electronic Communications Directive, an amendment to the EU’s E-Privacy Directive, will restrict the use of cookies and virtually any other tracking methods used for advertising purposes. Both legal frameworks would require any company with users in an EU country to be subject to EU-wide and country-specific privacy legislation. The UK law’s translation of the EU’s E-Privacy Directive principles is far more restrictive than the present incarnation of the US-EU Safe Harbor agreement, which requires US companies to offer notification when cookies are used on a website.

Why it matters: The restriction on cookie use could impose financial and even criminal penalties for the improper use of cookies. The UK government today announced a deferment on non-compliance penalties for one year. The law, however may still place large American brands at a disadvantage. Because many major American campaigns employ rich media ads and display content from multiple sources, the bigger and more elaborate an advertising campaign or a retail website is, the more vulnerable it would be to restrictions through the new EU directives.
How it works: The law would require notice each time a cookie is used, setting up a flurry of notifications. The bigger the website and the richer the media, the greater the risk. A browser solution might work for webpages, but it wouldn’t work for mobile apps and even Web apps. The ICO suggests that companies use “some other way” to alert users to cookie use. Adding information to a terms of use agreement won’t work either, according to the report, unless all users are issued a new agreement and certify their acceptance.
Who’s doing it: Every company with a user in the EU or the UK will eventually have to implement the measures, but at present only two EU members, Denmark and Estonia, have implemented controls to enforce the EU directives besides the UK’s efforts. The EU and the UK are presently working with all major browser manufacturers to create browser-level solutions for privacy. Some American companies, such as Truste and AdSafe, are creating products for EU-compliance.
Assessment: The cookie-use evaluation process is only half the battle, as American companies will also have to contend with further EU legislation meant to limit data storage practices globally, on mobile and online. “Businesses may want to check their sites to work out where they are using cookies and what those cookies are doing,” wrote attorney Johnathan Armstrong, of Duane Morris, a firm specializing in technology law. “They may want to stop using unnecessary cookies, especially those sending data to third parties. Businesses may then work on ways of telling visitors to their sites what is happening to their data. Given that the law is in a state of uncertainty, transparency should be the guiding principle of any business in its online activities.”
https://digiday.com/?p=4643

More in Media

Media Briefing: Publishers search for new ways to grow (and authenticate) audiences, overheard at the Digiday Publishing Summit

“[Advertisers] already pay data providers for data. So why not pay the publisher?”

Research Briefing: Publishers’ revenue sources are top of mind at Digiday Publishing Summit

In this week’s Digiday+ Research Briefing, we examine which revenue streams were top of mind for publishers at the Digiday Publishing Summit, how TikTok is getting even more marketing spend from brands and retailers despite facing a potential U.S. ban, and how Disney is rolling out DRAX Direct, a direct integration with the industry’s largest DSPs, as seen in recent data from Digiday+ Research.

How Forbes is testing its SSPs to improve programmatic ad revenue

Forbes has been running tests with its SSPs to improve the ad tech firms’ contributions to the publisher’s revenue.