• Complying With the Cookie Directive for Email Communications
  • May 4, 2012 | Author: Peter F. McLaughlin
  • Law Firm: Foley & Lardner LLP - Boston Office
  • The Cookie Directive has caused a great deal of concern among firms with a web presence in Europe. However, across the European Union governments have gradually adopted either legislation or regulatory enforcement stances that are based on an opt out approach - that is prior explicit consent for cookie dropping is not required.

    The Cookies Directive does not, on its face, apply to electronic communications through email. However, because email and similar consumer communications increasingly contain tags, clear gifs, the ability to place cookies, and other technology tools, the potential overlap between the email rules and the cookie rules has resulted in questions about whether the cookies provisions of the Cookies Directive applies to email marketing.

    This is not generally the case. The Cookies Directive is specifically focused on first or third party cookie dropping for advertising, or ‘retargeting’ purposes, and obliges a higher degree of transparency disclosure and an opportunity to opt out, as exemplified by the Internet Advertising Beau’s Your Online Choices recommendations. Cookies dropped by a third party email marketing vendor operating under contract from a client would not require a separate consent, but applying an opt out rationale, we have the following recommendations for organisations who send email marketing to their customers which contain tags and similar devices.

    Practical Tips

    1. Make sure you have a reliable means to identify which of your communications contain tracking tools and which tools are used in each message.

    2. Develop a policy statement specific to the inclusion of such tools within email and similar communications. While this can be based on provisions you have developed for web pages, it is important to confirm that modifications to that statement accurately reflects how cookies and other tags are used in the messaging context.

    3. In addition to whatever privacy policy link you may already include with your communications, we recommend a separate, easily visible footer link, that is specific to the use of cookies and other tools. The reason for this is that even an increasingly sophisticated audience does not always think of tracking technology associated with electronic communications.

    4. As with the familiar Unsubscribe requirement, it is important that you have a means to either a) delivering messages without tracking tools to those who opt out or b) removing those recipients broadly from your communications white lists.