4Ps Marketing

Further Guidance on the New PECR Rules

Many of us will have read about changes in the way Cookies are dealt with in line with the EC Privacy and Electronics Communications Regulations (PECR) 2011. The regulations change the way data is captured and stored within Cookies and Locally Stored Objects.

We’ve tried to summarise these changes and give some best practices below.

Previous Legislation

Previous legislation required users to be made aware that the site used Cookies but ultimately the responsibility lay with the user and sites could hide the type and nature of data collected within a Privacy Policy or Terms and Conditions – the quality and ease of finding these could vary drastically from site to site.

New Legislation

The key change is that in the majority of instances websites must gain user consent to store Cookies. The ICO has given a number of implementation mechanisms. The ICO admit that Browser technology will probably play a key part in this and to date the W3 have produced their First Draft of a standard for Online Privacy (14th November 2011).

Best Practices

Look at listing the Cookies you use on your website and their purpose. Although this does not now meet the legislation it will give a good insight to visitors and to you what information you are capturing and how this is used. A good example of this is the BBC Cookies Privacy Policy.

Where possible be guided by Browser settings thus if the user has set their browser to allow Cookies of Type A (less intrusive) but not of Type B you could assume the user has given consent for Cookies of Type A. This is not completely reliable however as many Mobile devices and Browsers do not fully support this type of distinction.

For Analytics Cookies which in my opinion are more of a “Grey” area, explain which Cookies are used. The ICO suggest perhaps a call to action when the Cookie is set to draw the users attention to any supporting information including a means informing the user of choices.

For Third Party Cookies (including those used for remarketing) and ad serving tools- show whenever and to whom information is sent, again this could be scrolling text or an icon again making clear to the user what is being stored and by whom.

If you have terms of service for users, include a section here as to what Cookies you use and why they are used to gain user consent. It is important that there is emphasis here on the user understanding and agreeing to your use of Cookies.

Consider Settings or Future Led Consent – Your site may remember which stories a user has read, allow them to customise thus you could display a dialog explaining a Cookie is needed to enhance and store a users preferences obviously then refer the user to what data the Cookie is storing.

Perhaps have a modal dialog when the user first visits a site, or a bar along the top of the screen (like the ICO site) explaining that the site uses Cookies and asking the user to opt in in conjunction with the privacy policy.

Key Dates

The ICO deferred enforcement until 2012, the key date seems to be May 2012, however in this interrim period they have advised ALL sites to review what and how they use Cookies and also to allow the internet community to report sites where they feel sites may not comply. The ICO can then review the nature of the complaint and offer guidance, or in the most severe circumstance fine the site up to £500,000.

Resources

Disclaimer

The advice above is given in good faith and does not guarantee compliance with the new legislation. Should you have any further queries we would advise contacting the ICO direct at www.ico.gov.uk.

4Ps isn’t just another SEO agency. To discuss how analytics and data analysis are evolving together in order to keep pace with new developments in privacy laws and search behaviour, give us a call on +44 (0)207 607 5650 for a no-obligation coffee and chat about data, marketing and technology across all inbound channels. What could a 4Ps analytics consulting project do for your business?