In 2011 the Europeon Union (EU) passed legislation known as Directive 2002/58 on Privacy and Electronic Communications – a.k.a. the Cookie Law.
It requires EU websites to get users’ consent before using cookies, small files downloaded onto your device when you visit a website. On May 26, the U.K. became one of the first countries to start enforcing it.
The Cookie Law requires those setting cookies to:
- Advertisement -
- Tell visitors that cookies are being used.
- Explain what the cookies are doing.
- Obtain visitors’ consent (via a pop-up window or alert banner) to store a cookie on their device.
How does the law affect U.S. companies?
This is the trouble with the Cookie Law – even web giants like Google don’t know how to comply.
- U.S. companies that market primarily to EU consumers must comply with the law.
- U.S. companies that primarily market to U.S. consumers, but whose sites are available in the EU, have no clear compliance criteria.
- The EU cannot reasonably enforce the law outside the EU without a standard legal mechanism across borders.
What should you do?
- Advertisement -
- Consult your legal advisor immediately to ensure your site complies with current international privacy laws.
- Set Google alerts for “E-Privacy Directive” and “Cookie Law” for updates/revisions to the EU law and “Consumer Privacy Bill of Rights” for the latest on U.S. privacy legislation.
- Audit your site(s) to identify cookie types you use.
- Carefully review your privacy policy.
- Ask your customers for input. Survey your customers about new privacy initiatives before you launch them; address concerns quickly/proactively.
- Continually strengthen your customer relationship. The stronger your relationship, the more customers will share personal information.
- Face privacy issues head on. Regular discussions and consensus about privacy are a key part of organizational leadership and growth.
Bridget Butch is the user experience director at Milwaukee-based Hanson Dodge Creative
