What is the new ePrivacy directive?

The European Union has imposed a new ePrivacy directive, which requires explicit permission to track web visitors using cookies.

The language of the amended ePrivacy Directive – which may or may not be transposed verbatim in the laws of the member countries – is as follows:

“Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia, about the purposes of the processing.  This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.

How does it affect you?

While the directive is still extremely vague, as are its enforcement terms (or lack of them), if you do business in Europe, you will likely need to pay attention to developments. The directive is likely to be enforced differently in each member country. The United Kingdom, for example, has announced that it will give companies one year to comply.

Although the actual implementation and enforcement of the directive is very vague, we suggest that you err on the side of caution and consult your legal counsel. Every business is different and we want to make sure you are absolutely comfortable with prospect tracking.

How is Pardot helping?

Pardot is rolling out an optional parameter to Campaigns to mark them as EU Privacy Directive Compliant. Any web page or landing page tagged with this tracking code will pop up a dialog to the end user asking for permission to track them. If they click Ok, they will be tracked as normal and would not see that pop-up again unless they delete their cookies.

If they click cancel, they would not be tracked in a way that requires cookies (page views, redirect clicks, search queries, etc.). They would also not see the dialog again unless they delete their cookies. Pardot would still capture the following behavior:

  • Any data explicitly submitted on a form or landing page (e.g. the visitor fills in data and clicks submit)
  • Email marketing data — sent, opened, clicked, bounced, etc.

Permission Based Tracking Example

Permission Based Tracking Settings

Is this directive going to stick?

Time will tell, but we have a hard time believing site visitors will like the experience of being asked about cookies on every site they visit (since the majority of these sites will use some form of analytics). A more prudent approach would be to have the browsers send signals to the sites asking to not be tracked and having it all handled behind the scenes. This would provide the least amount of friction to EU web users.

Adam Blitzer

Posts Google+

7 responses to Pardot’s take on the EU ePrivacy Directive

  1. Thanks for posting this Adam – good to know that Pardot is on top of this. My German colleagues will appreciate this!

  2. Good job being proactive, Adam.

    That said, is there any way for the pop-up to only appear when the IP is coming from the EU? In other words, we do a measurable, but small percentage of business in the EU, so how do we best comply while not complicating things for non-EU customers?

    • Thanks Marcus.

      That’s a good question. You could do that fairly easily using some PHP and a database like the one from Maxmind (free). It would take a bit of scripting knowledge though. We’d be happy to publish some thoughts on how to do it. Basically what would happen is it would display your default tracking code (with no pop-up) to your visitors unless it detected that they were from the EU, in which case it would switch to the other tracking code and throw the warning.

      I’ll have our VP of Products, Zach Bailey, post some thoughts on that early next week. We use that technique on our own site, though for other purposes.

Trackbacks and Pingbacks:

  1. Enable tracking opt-in on a per country basis | Pardot Marketing Automation Blog - June 15, 2011

    […] = 'wpp-257'; var addthis_config = {"data_track_clickback":false};A couple of weeks ago we released an optional tracking parameter that would request permission before tracking a visitor. This was done to comply with the recent EU […]

  2. newsletter from McRae and Company July issue 2011 | mcraeandcompany - July 25, 2011

    […] must give every site visitor from europe the choice to opt-out of behaviour tracking, thereby preventing activities like page view and file downloads from being tracked. In the EU, […]