EU direct marketing & cookie legislation

EU direct marketing & cookie legislation

Recent developments have included requiring website operators to get consent from individuals to place cookies on their devices; anyone making a marketing call to display their number; and the banning of claims management services from making cold-calls.

Change continues apace with a new E-Regulation expected to replace the E-Privacy Directive (2002/58/EC) in the medium term and consideration of implementation in the UK.

Since the new laws came into effect, the ICO has been issuing Guidance to set out what website operators need to do, in particular indicating that website operators should conduct audits to:

  • check what cookies are being used on websites and how they are being used
  • assess how intrusive the use is and prioritise compliance efforts, starting with the most intrusive
  • reach a decision on what is the best solution, in the circumstances, for communicating clear and comprehensive information to users and obtaining their consent to place the cookies

Recent experience includes:

  • Assisting clients in planning and carrying out audits of cookies used on their websites
  • Evaluating the audit results
  • Helping clients select the best solution for them to comply with the regulations for each cookie used
  • Making any required changes to existing privacy policies and statements to bring them in line with the new requirements
  • Assessing business models for direct marketing compliance