US companies need to prepare for controls over their marketing to EU citizens in the wake of agreement on EU General Data Protection Regulation

This blog is part 3 of Ardi Kolah's series on the GDPR. See the others here. The State of the European Union address by EU President Jean Claude-Juncker on 9 September 2015 may appear on the surface to be largely insignificant for US-multi-national marketing activities within the EU. However, such thinking is highly dangerous as it reveals an almost total lack of awareness of the risks to business continuity facing some of America’s biggest corporations that generate vast profits from their marketing activities with EU citizens. Here in Europe, many companies and organisations are bracing themselves for the biggest shake up in data protection and privacy for a decade with the forthcoming EU General Data Protection Regulation…

Informed consent and transparency will be hallmarks of GDPR

This blog is part 2 in our series on the marketing implications of the new GDPR. See part one here. Informed or explicit consent and transparency are key issues for the final version of the EU General Data Protection Regulation (GDPR) that’s set to be agreed before the close of 2015. In a recent report commissioned by regulator Ofcom and written by German-based consultancy WIK-Consult, the authors note that it’s important to recognise that within the EU informed consent is needed both for placing cookies or similar tracking devices on a user’s device. The current laws and regulations in this area are the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 as well as the Data Protection Directive 95/46/EC. The forthcoming GDPR also provides for a higher level of…

GDPR Summary - Part 1 - On your marks, get set, go!

Companies and organisations that use data at the centre of their sales and marketing activities – and that’s just about everyone reading this blog - will be impacted by the forthcoming EU General Data Protection Regulation (GDPR).

Yesterday (Monday 15 June), the European Council of Ministers gave its strongest signal yet that it was prepared to negotiate the detail of the GDPR with the European Parliament in order to try and reach agreement by the end of 2015.

Agreement between the European Parliament, Council of Ministers and European Commission now looks like a distinct possibility in November/December 2015 after which there’ll be a two-year transition period before sanctions begin to bite.

However, as the blogosphere went into overdrive, many critics were sceptical that this could be achieved in a 6-month time frame given that both sides will…

A recent court case could set a legal precedent to limit behavioural email marketing

Importance (to retail email marketers): [rating=5] Recommended link: Sky News: Spammer To Pay Damages After Court Victory There has recently been an interesting, useful and somewhat scary discussion on the Smart Insights LinkedIn discussion group about the risks of email marketers being seen as spammers and action take against them. Worth checking out if you’re involved in email marketing. It alerted me to this recent case where John Lewis has had to pay damages because of their email marketing and data privacy opt-in approach on their site. I’ve created an alert on it  since the finding seems to suggest the common practice of pre-ticking a box during purchase and following that up with an “Abandoned Shopping cart email” The case was brought against the retailer by Roddy Mansfield, a Sky news producer. It was a private action and the finding…

History Forgotten, History Erased: EU Ruling marks massive win for Right to Privacy Campaigners

Last Tuesday’s EU Court of Justice ruling in favour of an individual’s ‘right to be forgotten’ feels like a harsh blow to Google. The ruling, which establishes the search engine's role as a ‘data controller’ and as such does not extend to media institutions and other online publishers, has divided opinion amongst commentators. Many are worried that by shifting the onus on Google as a controller of data, the EU could be throwing the baby out with the bath water in its attempt to protect press freedoms with the right to be forgotten. Whilst Google is not responsible for the publication of content it has become a vital component of the online media melting pot and as such these distinctions matter.

Damaging attack or vital measure?

To…

IABs Digital Advertising Policy Guide simplifies 100 pieces of UK marketing legislation

Value/Importance of  new advice: [rating=4] (for UK readers)

Recommended link: IAB Digital Advertising Policy Guide

As a marketer, we know that advertising rules and compliance is constantly changing to keep up with the pace of new digital and social media channels.

How do we keep on top of it when there are so many rules and codes? Digital marketing in the UK is regulated by DPA 1998, Privacy and Electronic Communications and self-regulatory rules including CAP - in addition to T&Cs set by individual channels such as Facebook, Twitter etc.

Sometimes savvy customers know more about their rights than marketers or businesses. The number of laws and the frequency of updates raises a lot of questions... So how do we keep on top of it? How do we know the rules to follow as a business?  What happens…

Responding to the four biggest legal risks of social media to business

With legal cases involving social media are on the rise, businesses need to manage the potential risks. To help review the challenges and solutions to managing the risks of social media, we have recently published our benchmark study on social media and the law. We hope marketers can use the data to evaluate their knowledge and establish the risks they may need to manage. We’ve summarised the risks of social media in this infographic showing the four main risks as we see them against the awareness of the law. We see three main takeaways from the research: Many marketers know the risks, but don’t have company buy-in. Over 50% of companies don’t consider social media legal risks to be an issue or a priority. This was unexpected when respondents made it…

Move to "implied consent" useful for informing other site cookie policy decisions?

Value/Importance: [rating=4] (For UK marketers) Recommended link: ICO announcement Through 2011 and 2012 we kept marketers informed on how they should respond to new European privacy legislation and how it relates to the UK in particular. In our last post on the topic in 2012 we summarised the action the Information Commissioners Office (ICO) is taking on enforcement now the law is in force (from May 2012). There is a clear shift on previous announcements from “mandatory opt-in” to “informed consent” (to simplify). If you’ve been following the cookie privacy developments to inform what you do on your site or for clients, then the latest announcement is very interesting. It’s from the ICO themselves explaining how they are changing their message such that they can now gain analytics insight from users. Here's the 'before and after' for the ICO…

The Information Commissioners Christmas Message On Cookies

Importance: [rating=5] Recommended link: ICO 18.12.2012 PDF summarising Enforcement action

Our commentary on the new report

Do you remember back to May 2012 - it seems like ancient history now… At the time most site owners were concerned with becoming compliant with what most referred to as the “cookie law” (technically, the 2011 amendment to the Privacy and Electronic Communications Regulation Act). Many larger companies did respond with the law as we showed in this post reviewing how companies were responding to the law. On 18th December the UK ICO released a “must read” PDF reviewing their enforcement action. These are the main points site owners need to be aware of as I see them. 1. The cookie law is a lower priority for consumers and so the ICO than unwanted marketing communications (mainly junk texts and email spam). 2. Between 25 May and 21 November 2012 the ICO…

Digital marketing features in more adjudications - especially email marketing

This used to be the strap line in the Advertising Standards Authority ads reminding marketers of their obligations under the advertising practice codes and the relevant law. Today, the ASA still regularly field complaints about the claims made in digital and offline advertisements. As we alerted you in a previous post, the ASA’s 01/03/2011 online extensions to the marketing guidelines mean the self-regulatory CAP code now applies to websites, PPC, social media conversations, promotional video and email marketing, in addition to more obvious advertisement formats. Press releases and natural search do not come under the guidelines.

Reviewing adjudications can help you avoid creating misleading advertising communications

The majority of consumer complaints are about ‘misleading’ rather than ‘offensive’ advertising, and it is not always apparent how ‘misleading’ will be officially interpreted. There have…