EU Privacy Directive Update
Hannah Evershed, Mindshare, April 2011
In May 2011 an EU Privacy Directive will be interpreted and enacted via local country legislation. The Directive’s main ambition is to protect and inform consumers of their digital rights and how their data is being used to target them with advertising across digital devices. Similar developments are happening in the USA where the government is weighing various online data protection regulations. Mindshare and GroupM are taking a proactive approach to support our clients with best-practice self-regulation guidelines in all digital advertising, which has already launched in some IAB markets and will be in place regionally by June 2012.Details
The EU Privacy Directive relates to the usage of cookies to target specific audiences based on anonymous profiling via their online behavior, e.g., through network and behavioral targeting buys. The Directive is not clear if this relates to third party cookies only. However, it is generally understood not to include cookies specifically owned by or delivering user-explicit benefits from the Web site a consumer is visiting, e.g. cookies used by a publisher or brand Web site to deliver useful functionality within their own Web site. The directive’s core requirement is to define how consumer’s “opt-in” or “opt-out�� to cookies, and what level of information the consumer must be provided when cookies are used so they are sufficiently informed. The IAB and industry’s current interpretation of the EU Privacy Directive is that if a user accepts cookies via their browser settings they are “opting-in” to third-party cookies.Implications
The local market interpretation of the EU directive could vary widely; some markets are considering an automatic opt-in approach with clearly sign-posted links on any online advertisement to information about cookies, their usage, opt-out functionality, and consumer data rights information. Alternatively other markets could take an automatic opt-out approach; in this scenario consumers have to take some action (e.g., click) to explicitly approve the use of third-party cookies.
In order to avoid the later and more draconian scenarios, Mindshare is working with WPP and the advertising industry to develop a proactive self-regulation approach that provides clients with best-practice privacy initiatives, guidelines, and tools to enable self-regulation. Such a self-regulatory approach would provide consumers with reassurance of their privacy and anonymity while enabling advertisers to continue ethically targeting anonymous user groups online as well as tracking their online campaigns.
For example, in the USA we have launched and are evolving the Privacy Matters initiative that sets out clear guidelines for Web sites and advertising companies to adhere to consistent industry best-practice self-regulation. In the EU, we are considering a similar program, in which a small “privacy” icon is placed within any advertisement that has been behaviourally targeted. Clicking on the icon would result in a pop-up box detailing why the ad has been shown and the company responsible for targeting the ad. A further click would enable users to visit a site such as www.youronlinechoices.com
where the consumer could opt-out of receiving further behaviourally targeted ads from that company.Summary
The EU directive deadline is imminent and debate continues in the US Congress. Consequently, we recommend you stay in contact with your local Mindshare IAB teams to monitor and discuss specific actions and implications based on local market nuances in final legislation. Mindshare has more details on the current US self-regulation model as well as the status of proposed EU program. We are happy to answer any questions as well as getting your input and contribution in the final model to ensure we avoid any unnecessary legislation and ultimately implement a solution that meets both brands and consumers’ interests.