What is the new ePrivacy directive?
The European Union has imposed a new ePrivacy directive, which requires explicit permission to track web visitors using cookies.
The language of the amended ePrivacy Directive – which may or may not be transposed verbatim in the laws of the member countries – is as follows:
“Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia, about the purposes of the processing. This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.
How does it affect you?
While the directive is still extremely vague, as are its enforcement terms (or lack of them), if you do business in Europe, you will likely need to pay attention to developments. The directive is likely to be enforced differently in each member country. The United Kingdom, for example, has announced that it will give companies one year to comply.
Although the actual implementation and enforcement of the directive is very vague, we suggest that you err on the side of caution and consult your legal counsel. Every business is different and we want to make sure you are absolutely comfortable with prospect tracking.
How is Pardot helping?
Pardot is rolling out an optional parameter to Campaigns to mark them as EU Privacy Directive Compliant. Any web page or landing page tagged with this tracking code will pop up a dialog to the end user asking for permission to track them. If they click Ok, they will be tracked as normal and would not see that pop-up again unless they delete their cookies.
If they click cancel, they would not be tracked in a way that requires cookies (page views, redirect clicks, search queries, etc.). They would also not see the dialog again unless they delete their cookies. Pardot would still capture the following behavior:
- Any data explicitly submitted on a form or landing page (e.g. the visitor fills in data and clicks submit)
- Email marketing data — sent, opened, clicked, bounced, etc.
Is this directive going to stick?
Time will tell, but we have a hard time believing site visitors will like the experience of being asked about cookies on every site they visit (since the majority of these sites will use some form of analytics). A more prudent approach would be to have the browsers send signals to the sites asking to not be tracked and having it all handled behind the scenes. This would provide the least amount of friction to EU web users.