How internet privacy laws will affect your business

15 June 2007
Bluelinemedia marketing specialist Ben Jeffery takes a look at new EU Legislation.

Introduction



The Privacy and Electronic Communications Regulations 2003 effectively bring the regulations of offline marketing to the internet, protecting users and setting requirements for companies that use websites and email marketing for their business. This article offers a summary of how the regulations could affect your business, although it should not be taken as absolute guidance - if you want to make sure your site is compliant, contact your web designer or seek professional advice.

Privacy on the internet



Some anti-spamming organisations and critics are already saying the privacy legislation doesn't go far enough, but it certainly makes significant changes that business owners and web managers will need to comply with.

The legislation applies to personal users rather than business users, although in the case of email and site login this can often be the same thing - an individual user login will be subject to the same rules.

Email marketing



As with offline marketing, personal users should not be sent email unless they have given permission. This means that you need to have obtained their contact details in the course of a sale (i.e. they are a contact/prospect) or at their request (e.g. subscribing to a mailing list).

Importantly, at the time of providing these details, users must be informed of exactly what they will be used for, how their personal information will be secured, and how to remove their details from your system. Information and the ability to unsubscribe or remove details must be clear and simple.

Website privacy



Many of the accusations of privacy invasion on the internet centre around cookies or similar files. These are small files that are stored on a user's computer and can store personal details or preferences, as well as track the user's behaviour on the site.

They are only seen to involve someone's personal privacy if they specifically link personal information with action. For example, while recording that an anonymous user visited a certain page seven times in one day would be OK, knowing that Joe Bloggs used the site at 10am would be subject to the regulations.

If cookies are used on a site, then a well-advertised page needs to inform the user of what this involves (for example a link to a privacy policy page on the first page of the site). Again, the site needs to explain what the cookies will record and what information will be used, and explain simply how to turn the cookies off. Complete compliance requires a "one-click opt out", meaning that during the process of registration users can simply tick a box or click a single link to avoid the cookies.

Where personal data is stored, the company also has an obligation to keep that information secure and meet its own privacy policy, which in turn requires the site to explain how the data will be secured, and if a risk remains to explain exactly what action the user should take to protect their data.

Bringing the internet up to date

The new regulations essentially provide protection of personal details in just the same way as users should expect offline. Every website should do its best to keep its users informed and to remain professional and respectful about how personal data is used. The new legislation simply solidifies these rights.
