IP, Technology & Data

I am quoted in an article on the new cookies regulations in this month’s edition of B2B Marketing magazine.

B2B Marketing is a magazine for business marketers, and the article looks at some of the practical issues around implementing the necessary changes required to comply with the new regulations.

As I note in my comments, even at this late stage there is a lack of clarity on exactly what the Information Commissioner’s Office (ICO) is expecting organisations to do to achieve compliance. Interestingly, the ICO now appears to be briefing against its official guidance in media interviews, commenting that enforcement is not a priority and that things frowned upon under the guidance are unlikely to lead to enforcement action. It’s a shame that this informal briefing hasn’t been reflected in clarifications to the formal guidance.

Email campaign tracking
One last point.

I see that one of the other interviewees in the B2B Marketing article states that the new rules don’t apply to web beacons used for tracking the success of email campaigns. Whilst the ICO may not have focussed on this issue in its guidance, I don’t think that you can definitively conclude this from either the original directive or the UK regulations.

As I have noted previously, whilst the law is often referred to as the “cookies law”, the law makes no specific reference to cookies – Instead, the regulations simply talk about “information stored [on the user’s] terminal equipment.”

In practice, this means any software or code on a user’s device that can be used to track or identify that user, regardless of whether that it through a web browser or an email client. This will include mobile apps and could include open tracking in emails, depending on how the tracking is carried out.

The DMA is, understandably, lobbying the ICO to issue guidance that the new regulations do not apply to email tracking. However, the DMA is at the same time also advocating that, as a matter of good practice, marketers are upfront with their users about the use of email tracking.

This is consistent with data protection principles generally, and the reasons that the European Commission introduced changes to the previous cookie law. Organisations may therefore wish to think carefully before deciding not to review how they inform users about their use of email tracking.

Follow me

Martin Sloan

Partner at Brodies LLP
Martin is a partner in Brodies Technology, Information and Outsourcing group and has wide experience of advising clients on technology procurement and IT and business process outsourcing projects. Martin also advises on data protection (including the GDPR), and general technology and intellectual property law, and has a particular interest in the laws applying to social media and new technology such as mobile apps, contactless/mobile payments, and smart metering.
Follow me