Escolar Documentos
Profissional Documentos
Cultura Documentos
Europes
Spam and Cookie Directives
http://web.bluebirdstrat.com/blog/are-you-in-compliance-eu-spam-and-cookiedirectives
By Carol Spillman & Sue Hay | Aug 4, 2014 11:57:00 AM | Spam, Email
Spam,European Spam and Cookie Directives, EU Spam Laws
The online collection of information and electronic spam have long been a concern
for the European Union. Member States have two privacy directives to work from
that indicate how privacy and electronic communications (spam) and protection of
personal data (cookie) legislation should be enacted in every EU country. Though
both directives are widely interpreted and enforced, depending on the country, they
serve as a basis for understanding how to ensure youre in compliance with EU
online communication laws.
Spam
Email spam laws in Europe all fall under one European Union directive, which in
theory, makes email marketers in all EU countries subject to the same expectations.
In practice, however, the 2002 EU directive set guidelines, but each member state
has had to enact its own unique laws for electronic communications. Taking an opt-in
stance on email communications, the EU Directive 2002/58/EC stipulates the
following guidelines for electronic communications:
An opt-out (or unsubscribe) option must be easy and clear for recipients of
commercial messages
What does it take to be in compliance?
Because the EU directive isnt technically a law, each member state has the flexibility
to implement email spam laws at their own discretion resulting in varying levels of
legislation.
Laws in each country are pertinent to marketers in different countries, since they
pertain to all recipients within that country. All email marketing laws can be seen on
the European legislation chart below. Each countrys legislation either mandates
explicit consent (for which an opt-in is required) or implicit consent (for which an optout is required). The Informed Consent category found in the chart below relates to
the Cookie legislation in each country, which is discussed later in this post.
There are a variety of penalties for spam law infractions, and most depend on intent
and degree of severity. In general, its better to be in compliance as quickly as
possible with the EU electronic communications directive stipulations than to risk
penalties by under-compliance.
States need to enact laws to meet the new cookie requirements. The Cookie
Directive usually requires an opt-in method of consent, which means Cookies should
be turned off so they dont begin immediate tracking, although implied consent can
work per the ICO in some cases. Using cookies on any website requires that
businesses clearly and explicitly inform users what their information will be used for.
Also the directive requires you to a bit more to be in compliance:
1.
2.
Make your Cookie policy and controls easy to find and prominent on the
website
3.
What is exempt?
The EU Cookie Directive states that cookies that are strictly necessary are exempt
from opt-in. Though this statement is not clearly defined and has been interpreted in
different ways in different countries, it is likely to include cookies that are used to
remember items in online shopping carts, cookies used to secure confidential
information (i.e. online banking security) and cookies used to enhance web page
load time. If your cookie usage goes beyond those three categories, you must then
comply with the EU Cookie Directive.
Since the Cookie Directive technically isnt a law, it is required that each Member
State enact a law based on an interpretation of the 2011 directive. Its true that
legislation varies from country to country. However, for companies collecting
information from users in Europe, gaining consent before collecting information is the
safest business practice. Consultation with your legal advisors is recommended to
determine your businesss best course of action.
EU Member Consent
State
Method
Practical Interpretation
Austria
Unclear
Implied
Implied
Croatia (Non
Explicit
member)
Cyprus
Explicit
Czech
Republic
Implied
Denmark
Implied
Estonia
Implied
Finland
Unclear
France
Explicit
Germany
Explicit (per
Explicit consent is required for any cookies that process personal
personal
data, implied is acceptable for all other types.
data)
Greece
Explicit
Belgium
Bulgaria
Hungary
Browser
settings
Iceland
Ireland
Browser
settings
Italy
Implied
Latvia
Explicit (for
No official guidance has been issued by Data State Inspectorate
personal
to current date regarding collection of consent for use of cookies.
data)
Liechtenstein
Lithuania
Browser
Luxembourg
settings
Malta
Netherlands
Explicit
(with
burden-ofproof)
Norway
Poland
Browser
settings
(explicit for
prior to any setting or reading of cookies.
targeted ads)
Portugal
Explicit
Romania
Implied
Slovakia
Browser
settings
Slovenia
Browser
settings
Spain
Browser
settings
Sweden
Browser
settings
Implied
United
Kingdom