COVID-19 Update
Subscribe

BtoB Insiders Weigh In On U.S. Implications Of New European Tracking Regulations

Screen_shot_2011-06-17_at_3.52.36_PM
In the wake of recently proposed “Do Not Track” legislation in the U.S., new European privacy regulations have gone into effect May 26, 2011. Under an added amendment to the EU privacy directive, organizations conducting online marketing campaigns in the member states must receive explicit permission, or opt-in consent, to track individuals’ actions online. Industry insiders say there could be implications for U.S. Marketers from the EU regulations, while others point out the new rules are an opportunity to take standardized approach to privacy around the globe.

“Permission-based marketing is now more important than ever,” said Reinhard Janning, CEO of DemandGen International, Europe. “Without an explicit opt-in you cannot communicate or track your prospects. This means that your communication needs to be targeted and relevant in order to get permission to market to these prospects. In addition, you will need to make it easy for prospects to opt-in to your communications and engage in a virtual dialogue.”

The changes impact the usage of cookies and other information-storing technology. While web sites were previously required tonotify users who cookies are being used, as well as the option to opt-out, new requirements state that the user more be provided with “clear and comprehensive information about the purposes of the storage of, or access to, that information; and the opportunity to refuse the storage of or access tothat information.”

While the added requirements emphasize user consent, one expert said there are several hurdles to adherence. “The biggest hurdles that we see for marketers are: 1. Not having the proper CRM systemscontrol in place to adhere to the directive itself regardless of what countries enact; and 2. Having to gain explicit permission from users if some countries do not allow for browser consent such as automatic permission for cookies,” said Dennis Dayman, Chief Privacy & Security Officer, Eloqua. “Marketers need to start now to find interesting and innovative ways to get users interested in being tracked. This includes performing A/B split testing on different types of languages used to gain such permission. Once a balance of language and processes are found, then marketers should incorporate thatinto their programs ASAP.”

Dayman noted the confusion that many U.S. companies are facing with regard to compliance. “My phone has been ringing off-the-hook for weeks with inquiries from customers, partners and online publications asking this same question.  Should a U.S. headquartered company adhere to these changes?  Yes.  Why?  Many companies, like Eloqua, have multiple business presences throughout the world.  In all cases you are probably a registered business in these counties, which means the company is responsible for ensuring any law that governs in those regions is followed.”

Eloqua recently announced new “strict mode” features designed to help marketers comply with the EU’s privacy tracking regulations by automating the process of requesting opt-in consent from online visitors and automatically updating customers’ databases with contacts’ opt-in status. Eloqua users have to check a setting in the application to trigger the automated process, regardless of the recipient’s country of residence.

DemandGen International’s Reinhard said the new regulations will have an immediate effect on global enterprises that store data across GEOs. “Data governance becomes a critical, as you need to segment your database in order to comply with GEO specific regulations,” he said. “Anyone marketing their products and services oversees will need to comply with the new privacy regulations.”

While many organizations are unclear on how or why to implement compliance protocols to the strictest anticipated standard, Dayman said other organizations will wait to see how these new rules will impact internal processes by taking an incremental approach.  “They’ll introduce a permission checkbox for every cookie, launch new sites without tracking, or use the pop-up screen for to gain permission (the last of which is not suggested if your using a lot of different cookies).  Our suggestion is to look at launching different websites for U.S. and the E.U. and apply the necessary standards for each such as opt-in for tracking in the E.U., but not in the U.S.”

Jim Meyer, President of eTrigue, agrees that U.S. companies should consider therisk, but the majority of organizations will only monitor the situation until they see movement by companies based in the EU. “Many of the member states in the EU have failed to meet their own self mandated requirements to implement the directive,” he noted. “There seems to be an overwhelming lack of enthusiasm on the part of both business and government. It will add additional overhead to companies marketing in the EU.” Additionally, eTrigue Demand Center is designed to accommodate the option for setting cookies from emails so companies can comply with the changing regulations by region.

"With the standardization of privacy protections, unsavory players will be cut out of the market," noted Josh Aberant, Director of Privacy, Marketo. "By standardizing opt-in, opt-out and data disclosures, dishonest organizations will lose any edge their secretive methods gives them. No longer will shadowy organizations have an advantage over those businesses that are doing everything right and treating their customers with respect. Businesses that are trusted will excel in this new environment." Marketo recently opened EMEA headquarters in Ireland.