Loading ...
Sorry, an error occurred while loading the content.

EU ePrivacy Directive

Expand Messages
  • ju2ltd
    If you are a website hosted in the US with 90% unique visitors from the US but with a development team based in the EU. Would you have to comply with the EU
    Message 1 of 4 , Oct 31, 2011
    • 0 Attachment
      If you are a website hosted in the US with 90% unique visitors from the US but with a development team based in the EU.

      Would you have to comply with the EU directive requiring informed consent prior to setting cookies? For all our users or just EU users?

      Regardless of the legal position, I note that Firefox and Chrome already have Do Not Track settings so in the near future visitors will be able to easily switch off all cookies - functional, 1st and 3rd party.

      I am pretty confident we can win consent for functional cookies and even tracking cookies (i.e. Google Analytics cookies) but I suspect that if asked most visitors would not give consent for 3rd party cookies served by ad networks.

      Removing ad cookies is likely to severely reduce eCPMs which could be a real issue for ad supported websites.

      May be this forum is not the best place to discuss these issues but I would be interested to find out what others are doing about this issue.
    • Matthias Bettag
      Hi Jim, I don t think the development team matters here. In my company we have a consolidated development network across several countries in four continents
      Message 2 of 4 , Nov 2, 2011
      • 0 Attachment
        Hi Jim,

        I don't think the development team matters here. In my company we have a
        consolidated development network across several countries in four
        continents where workload is switched around, but where the developers
        sit is not of any interest for our data protection officer. The problem
        occurs when providing a website (also) for citizens of the EU.

        From a pure legal perspective (today) a cookie opt-in would be only
        mandatory for visitors from the EU (presuming that this becomes law in
        all EU countries, which is not yet everywhere decided). How this could
        be ensured when the website is owned by a US company without any legal
        entity in Europe I don't know. I cannot image access to such websites
        from the EU would be blocked.

        Global browser settings are not sufficient, unfortunately. At least not
        the current settings. As all EU regulations have to be tranformed to
        country law, there is some room for interpretation. It is possible (but
        imho unlikely) that a global browser setting would be seen as legal
        compliant. What is needed from a privacy perspective is a transparent
        (not easy) and easy-to-understand (really hard) explanation which allows
        a user to really take a choice. By now, most poeple -including a bunch
        of decision makers- do not even know what is the difference between 1st
        and 3rd party cookies. *sigh*

        btw, session cookies are out of the discussion. And yes, I would not
        expect a vast majority of users to allow 3rd party cookies. But let's
        see - my opinion on many TV shows is also not at all reflected by the
        viewing rates... (I still don't change my mind. Never ever ;-)

        My assumption IF the cookie opt-in would become mandatory (AND
        violations would be prosecuted) is NOT that that this is the end of WA
        as we know it. But some vendors and especially ad-networks would be in
        trouble. There would still be a huge demand to optimize and to
        understand the user, to segment and to aim the right target audience.
        This may result in a stronger focus on an initial online strategy if
        realtime test and optimization is somewhat hindered. The challenge would
        then be to correctly interpret the user behavior when having less and/or
        incomplete data. But at least the outcome can still be measured for most
        online initiatives.

        also, I read this interesting article today:
        http://econsultancy.com/uk/blog/8210-q-a-lbi-s-manley-on-preparing-for-the-eu-cookie-laws

        just my 2 cents, hope that helps.

        best,
        Matthias

        Am 02.11.2011 21:12, schrieb Matthias Bettag:
        >
        >
        > EU ePrivacy Directive
        > <http://groups.yahoo.com/group/webanalytics/message/28618;_ylc=X3oDMTJzaWdmdGFsBF9TAzk3MzU5NzE1BGdycElkAzEyOTc5MTQxBGdycHNwSWQDMTcwNTAwNTU4MgRtc2dJZAMyODYxOARzZWMDZG1zZwRzbGsDdm1zZwRzdGltZQMxMzIwMDY3OTE5>
        >
        >
        >
        > Posted by: "ju2ltd" jim@...
        > <mailto:jim@...?Subject=%20Re%3A%20EU%20ePrivacy%20Directive> ju2ltd
        > <http://profiles.yahoo.com/ju2ltd>
        >
        >
        > Mon Oct 31, 2011 6:14 am (PDT)
        >
        >
        >
        > If you are a website hosted in the US with 90% unique visitors from
        > the US but with a development team based in the EU.
        >
        > Would you have to comply with the EU directive requiring informed
        > consent prior to setting cookies? For all our users or just EU users?
        >
        > Regardless of the legal position, I note that Firefox and Chrome
        > already have Do Not Track settings so in the near future visitors will
        > be able to easily switch off all cookies - functional, 1st and 3rd party.
        >
        > I am pretty confident we can win consent for functional cookies and
        > even tracking cookies (i.e. Google Analytics cookies) but I suspect
        > that if asked most visitors would not give consent for 3rd party
        > cookies served by ad networks.
        >
        > Removing ad cookies is likely to severely reduce eCPMs which could be
        > a real issue for ad supported websites.
        >
        > May be this forum is not the best place to discuss these issues but I
        > would be interested to find out what others are doing about this issue.


        [Non-text portions of this message have been removed]
      • BClifton
        Adding my 2 cents The EU Privacy law is applicable today - it came into affect on 25th May 2011. What is taking longer is the ability of the member states to
        Message 3 of 4 , Nov 3, 2011
        • 0 Attachment
          Adding my 2 cents

          The EU Privacy law is applicable today - it came into affect on 25th May 2011. What is taking longer is the ability of the member states to interpret it correctly and enforce it. See:

          http://www.advanced-web-metrics.com/blog/2011/06/16/google-analytics-and-the-new-eu-privacy-law-2/

          As Jim says, this is not about where your dev team is based or your web site hosted, its about where your business is registered (or where you live if it is a personal website). So if you have a registered office in the EU you must abide by the laws of the EU.

          If you are registered in the US only, but you also ship to the EU, then this does not apply to you. Though its only a matter of time before the US/Can et al also have something like this....!

          Best regards, Brian


          --- In webanalytics@yahoogroups.com, Matthias Bettag <m.bettag@...> wrote:
          >
          > Hi Jim,
          >
          > I don't think the development team matters here. In my company we have a
          > consolidated development network across several countries in four
          > continents where workload is switched around, but where the developers
          > sit is not of any interest for our data protection officer. The problem
          > occurs when providing a website (also) for citizens of the EU.
          >
          > From a pure legal perspective (today) a cookie opt-in would be only
          > mandatory for visitors from the EU (presuming that this becomes law in
          > all EU countries, which is not yet everywhere decided). How this could
          > be ensured when the website is owned by a US company without any legal
          > entity in Europe I don't know. I cannot image access to such websites
          > from the EU would be blocked.
          >
          > Global browser settings are not sufficient, unfortunately. At least not
          > the current settings. As all EU regulations have to be tranformed to
          > country law, there is some room for interpretation. It is possible (but
          > imho unlikely) that a global browser setting would be seen as legal
          > compliant. What is needed from a privacy perspective is a transparent
          > (not easy) and easy-to-understand (really hard) explanation which allows
          > a user to really take a choice. By now, most poeple -including a bunch
          > of decision makers- do not even know what is the difference between 1st
          > and 3rd party cookies. *sigh*
          >
          > btw, session cookies are out of the discussion. And yes, I would not
          > expect a vast majority of users to allow 3rd party cookies. But let's
          > see - my opinion on many TV shows is also not at all reflected by the
          > viewing rates... (I still don't change my mind. Never ever ;-)
          >
          > My assumption IF the cookie opt-in would become mandatory (AND
          > violations would be prosecuted) is NOT that that this is the end of WA
          > as we know it. But some vendors and especially ad-networks would be in
          > trouble. There would still be a huge demand to optimize and to
          > understand the user, to segment and to aim the right target audience.
          > This may result in a stronger focus on an initial online strategy if
          > realtime test and optimization is somewhat hindered. The challenge would
          > then be to correctly interpret the user behavior when having less and/or
          > incomplete data. But at least the outcome can still be measured for most
          > online initiatives.
          >
          > also, I read this interesting article today:
          > http://econsultancy.com/uk/blog/8210-q-a-lbi-s-manley-on-preparing-for-the-eu-cookie-laws
          >
          > just my 2 cents, hope that helps.
          >
          > best,
          > Matthias
          >
          > Am 02.11.2011 21:12, schrieb Matthias Bettag:
          > >
          > >
          > > EU ePrivacy Directive
          > > <http://groups.yahoo.com/group/webanalytics/message/28618;_ylc=X3oDMTJzaWdmdGFsBF9TAzk3MzU5NzE1BGdycElkAzEyOTc5MTQxBGdycHNwSWQDMTcwNTAwNTU4MgRtc2dJZAMyODYxOARzZWMDZG1zZwRzbGsDdm1zZwRzdGltZQMxMzIwMDY3OTE5>
          > >
          > >
          > >
          > > Posted by: "ju2ltd" jim@...
          > > <mailto:jim@...?Subject=%20Re%3A%20EU%20ePrivacy%20Directive> ju2ltd
          > > <http://profiles.yahoo.com/ju2ltd>
          > >
          > >
          > > Mon Oct 31, 2011 6:14 am (PDT)
          > >
          > >
          > >
          > > If you are a website hosted in the US with 90% unique visitors from
          > > the US but with a development team based in the EU.
          > >
          > > Would you have to comply with the EU directive requiring informed
          > > consent prior to setting cookies? For all our users or just EU users?
          > >
          > > Regardless of the legal position, I note that Firefox and Chrome
          > > already have Do Not Track settings so in the near future visitors will
          > > be able to easily switch off all cookies - functional, 1st and 3rd party.
          > >
          > > I am pretty confident we can win consent for functional cookies and
          > > even tracking cookies (i.e. Google Analytics cookies) but I suspect
          > > that if asked most visitors would not give consent for 3rd party
          > > cookies served by ad networks.
          > >
          > > Removing ad cookies is likely to severely reduce eCPMs which could be
          > > a real issue for ad supported websites.
          > >
          > > May be this forum is not the best place to discuss these issues but I
          > > would be interested to find out what others are doing about this issue.
          >
          >
          > [Non-text portions of this message have been removed]
          >
        • ju2ltd
          Matthias, Thanks for the reply I need to clarify where we are registere and begin to think about what we are going to do about our EU customers. Jim.
          Message 4 of 4 , Nov 7, 2011
          • 0 Attachment
            Matthias,

            Thanks for the reply I need to clarify where we are registere and begin to think about what we are going to do about our EU customers.

            Jim.

            --- In webanalytics@yahoogroups.com, Matthias Bettag <m.bettag@...> wrote:
            >
            > Hi Jim,
            >
            > I don't think the development team matters here. In my company we have a
            > consolidated development network across several countries in four
            > continents where workload is switched around, but where the developers
            > sit is not of any interest for our data protection officer. The problem
            > occurs when providing a website (also) for citizens of the EU.
            >
            > From a pure legal perspective (today) a cookie opt-in would be only
            > mandatory for visitors from the EU (presuming that this becomes law in
            > all EU countries, which is not yet everywhere decided). How this could
            > be ensured when the website is owned by a US company without any legal
            > entity in Europe I don't know. I cannot image access to such websites
            > from the EU would be blocked.
            >
            > Global browser settings are not sufficient, unfortunately. At least not
            > the current settings. As all EU regulations have to be tranformed to
            > country law, there is some room for interpretation. It is possible (but
            > imho unlikely) that a global browser setting would be seen as legal
            > compliant. What is needed from a privacy perspective is a transparent
            > (not easy) and easy-to-understand (really hard) explanation which allows
            > a user to really take a choice. By now, most poeple -including a bunch
            > of decision makers- do not even know what is the difference between 1st
            > and 3rd party cookies. *sigh*
            >
            > btw, session cookies are out of the discussion. And yes, I would not
            > expect a vast majority of users to allow 3rd party cookies. But let's
            > see - my opinion on many TV shows is also not at all reflected by the
            > viewing rates... (I still don't change my mind. Never ever ;-)
            >
            > My assumption IF the cookie opt-in would become mandatory (AND
            > violations would be prosecuted) is NOT that that this is the end of WA
            > as we know it. But some vendors and especially ad-networks would be in
            > trouble. There would still be a huge demand to optimize and to
            > understand the user, to segment and to aim the right target audience.
            > This may result in a stronger focus on an initial online strategy if
            > realtime test and optimization is somewhat hindered. The challenge would
            > then be to correctly interpret the user behavior when having less and/or
            > incomplete data. But at least the outcome can still be measured for most
            > online initiatives.
            >
            > also, I read this interesting article today:
            > http://econsultancy.com/uk/blog/8210-q-a-lbi-s-manley-on-preparing-for-the-eu-cookie-laws
            >
            > just my 2 cents, hope that helps.
            >
            > best,
            > Matthias
            >
            > Am 02.11.2011 21:12, schrieb Matthias Bettag:
            > >
            > >
            > > EU ePrivacy Directive
            > > <http://groups.yahoo.com/group/webanalytics/message/28618;_ylc=X3oDMTJzaWdmdGFsBF9TAzk3MzU5NzE1BGdycElkAzEyOTc5MTQxBGdycHNwSWQDMTcwNTAwNTU4MgRtc2dJZAMyODYxOARzZWMDZG1zZwRzbGsDdm1zZwRzdGltZQMxMzIwMDY3OTE5>
            > >
            > >
            > >
            > > Posted by: "ju2ltd" jim@...
            > > <mailto:jim@...?Subject=%20Re%3A%20EU%20ePrivacy%20Directive> ju2ltd
            > > <http://profiles.yahoo.com/ju2ltd>
            > >
            > >
            > > Mon Oct 31, 2011 6:14 am (PDT)
            > >
            > >
            > >
            > > If you are a website hosted in the US with 90% unique visitors from
            > > the US but with a development team based in the EU.
            > >
            > > Would you have to comply with the EU directive requiring informed
            > > consent prior to setting cookies? For all our users or just EU users?
            > >
            > > Regardless of the legal position, I note that Firefox and Chrome
            > > already have Do Not Track settings so in the near future visitors will
            > > be able to easily switch off all cookies - functional, 1st and 3rd party.
            > >
            > > I am pretty confident we can win consent for functional cookies and
            > > even tracking cookies (i.e. Google Analytics cookies) but I suspect
            > > that if asked most visitors would not give consent for 3rd party
            > > cookies served by ad networks.
            > >
            > > Removing ad cookies is likely to severely reduce eCPMs which could be
            > > a real issue for ad supported websites.
            > >
            > > May be this forum is not the best place to discuss these issues but I
            > > would be interested to find out what others are doing about this issue.
            >
            >
            > [Non-text portions of this message have been removed]
            >
          Your message has been successfully submitted and would be delivered to recipients shortly.