This document is being provided for informational purposes only. Nothing in this document shall be construed as creating a representation, legal advice, warranty or commitment, contractual or otherwise, by Lead Liaison or any affiliate of Lead Liaison, to you or any other person or entity. It also does not guarantee that your email and/or any other aspect of your business is in compliance with state, federal, or International laws. This document is not a substitute for, should not be used in place of, and should not be considered, legal advice. It is recommended that you contact your general or legal counsel.

Background

Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (UK Regulations)

Under an added amendment to the EU privacy directive, organizations conducting online marketing campaigns in the member states must receive explicit permission, or opt-in consent, to track individuals' actions online.

This law requires website visitors are informed if cookies are being used, the purpose they are being used for and the information they hold. Moreover, the big change is that websites should first request and receive the consent of users before using cookies which are not 'strictly necessary' for the functioning of the site.

The Information Commissioner's Office (ICO) is generously giving UK organizations until 26 May 2012 to comply before it starts to enforce the regulations.

Suggestions

Undertake an initial audit of your site and the way cookies are being used. The audit should classify the individual cookies based on the role they currently play. The audit should also aim to define how third party cookies and partners are approaching new regulations.
Review your site privacy and terms of use to ensure details are provided about how cookies are being used. Your site cookie policy should accurately describe how you use your customers' data as well as the data practices on your site, including your use of analytics software and your advertising practices. Furthermore, the policy should include links to cookie advisory sites such as www.allaboutcookies.org.
1. The privacy and cookie usage policy adopted by the BBC is one of the most comprehensive – including a detailed description of all cookies used and for what purpose. http://www.bbc.co.uk/privacy/bbc-cookies-policy.shtml. British Airways has actually included a stand-alone "View our cookie policy" link on their global landing page instead of simply adding the cookie usage information within their legal information section.
Determine a method of obtaining consent for cookies, which will provide the best experience for users of your website and which will fulfill your requirements. Then put together a plan to implement this.
1. Possibly implement a solution similar to how the ICO does it. See the top potion of their website (look for the light-box with the check-box inside it): http://www.ico.gov.uk/

Lead Liaison's Approach

Although it is not entirely clear what the ICO's expectations are for cookies used for "functional uses" and "feature-led consent", Lead Liaison is exploring a "Privacy Mode" setting which will help marketers further address the EU privacy directive. Prior to the implementation of any new features and/or settings, Lead Liaison will be documenting how our technology uses cookies and what cookies we set.

With a Privacy Mode setting, Lead Liaison's platform would help marketers further comply with new opt-in requirements by automating the process of requesting opt-in consent from online visitors and automatically updating customers' databases with contacts' opt-in status. Lead Liaison users would check a setting in the application to enable the automated process.

Resources: