EU ePrivacy Directive – what it means for you


With just over a month to go until the deadline for compliance with the EU ePrivacy Directive, I’ve had a number of clients and fellow marketers ask me what I’m doing about it and how they should be gearing up for action.

The ICO released a ‘practical’ guide in December (available here) but I admit I still wasn’t clear what it meant to me, or even if I am responsible for ensuring we are compliant. The one thing I know for sure is that if I don’t take notice of this we’ll be breaking the law come the end of May. That’s reason enough for me to take this seriously!

The law isn’t entirely clear on what complete compliance looks like but there are a few things you can do now to ensure you’re at least on the right track. The first thing is to check within your organisation who is responsible for your company’s compliance. The ICO say this in their guide;

“The Regulations do not define who should be responsible for complying with the requirement to provide information about cookies and obtain consent. Where a person operates an online service and any use of cookies will be for their purposes, it is clear that that person will be responsible for complying with this Regulation”

As Coast Digital’s website comes under my remit I’m going to assume this is my responsibility, but if you’re lucky enough to have a legal team within your organisation I’d suggest having a quick chat with them to see if they can offer any enlightenment. Your IT Director may also have a view so worth exploring that avenue.

I can’t admit to being any kind of authority on this but here are the steps I’m taking to get the ball rolling, which you may find useful.

The first thing I’m looking at is undertaking an audit of the cookies currently being used on our site. Your website developer or agency should be able to look into this for you but if you’re in any doubt just give us a call and we can guide you through the process. The second thing is to look at our site’s privacy policy. Ours will, by May, include a breakdown of the types of cookies we use. The third thing I’m looking into is getting an ‘opt-in’ box set up on our site, just as the ICO themselves have done. This will basically describe why the cookies are needed and give our users the option of accepting them. I’m assuming, as the ICO have done it, that it will be sufficient enough to pass the laws but the ICO have put a caveat on their site saying they may change this so I’ll just keep an eye on what they do and follow suit. The law also applies to mobile sites so I’ll be looking into cookie use on our mobile site as well.

As a marketer this law will have an impact on my campaigns, as it will affect our user experience and conversion rates as well as the data I can track but it is the law so we don’t have an awful lot of choice, just the opportunity to adapt and face the challenge.

My more technically-minded colleagues have written a series of blog posts on this, available here.

Another great resource on this topic is Econsultancy – they published a blog on what they are doing to be compliant last month, as well as some practical solutions which I found of interest.

I’d love to hear your thoughts on how you are interpreting the law and what you’ll be doing about it, contact me here.


More on this subject