Don’t take cookies from strangers!

The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations (2011 Regulations) came into force in the UK last year and the Information Commission Office (ICO) has recently started to make grumbling noises about UK web sites having to comply with these regulations, particularly as they apply to cookies.

Theoretically, brand owners face the risk of fines as high as £500,000 for non-compliance, although what’s more likely to happen is a slap on the wrist in the form of a notice to comply.

Under the so-called “Cookie Directive” brand owners operating web sites are obliged to obtain informed consent from European residents before placing most cookies and other files on the visitors’ computer.

These regulations affect direct electronic marketing on laptops, desktops, digital and mobile devices and the security and confidentiality of such communications.

My Mom told me never to accept cookies from strangers!

Cookies are small text files that are stored on a user’s device when visiting a web site. The cookie assists the web or mobile site in recognising the user’s device and delivering a more tailored and user-friendly experience.

Fundamentally, the 2011 Regulations now change the ‘opt-out’ requirement to an ‘opt-in’ requirement.

What this means is that web users must give their express consent to cookies to be installed on their device before the web site owner can use them.

The only exception to this requirement is where the cookie is ‘strictly necessary’ for a service – for example, in an online check-out context.

Although this has led to redrafting the wording of privacy policies as well as changing the operability of web sites, it does present practical problems and severe inconvenience for web site owners which is why in the main many web site owners are still in breach of the 2011 Regulations as few have been slow to adopt these requirements.

Earlier this year, Jon Woods, general manager at Coca-Cola for UK and Ireland said that the 2011 Regulations around behavioural targeting presented one of the biggest regulatory challenges for the business in the future.

Coca Cola is setting new standards in digital marketing with its ethical code

“We need to be transparent about what data is being taken and what cookies are being used so that consumers feel confident using our brands. The issue is that the agencies we rely on to manage digital are experts but this might mean that they learnt this yesterday and are telling us today because it moves so fast,” he said.

In 2012 Coca-Cola updated its Responsible Marketing Code in response to the challenges that the new 2011 Regulations presents.

The Information Commission now appears to be running out of patience and is expecting brand owners to be aware of these Regulations and to comply with them.

The ICO has pledged to keep working to educate brand owners on how to stay the right side of the law and has produced a useful guide on the use of cookies.

Ardi Kolah is the author of Essential Law for Marketers 2nd edition, published by Kogan Page in Jan 2013 (£19.99)