Click here
Click here
Retail Technology, Retail technology News

Retail cookies – How new privacy regulations will affect retailers

Thursday March 1 2012

Security expert Dennis Dayman examines the impact of the European e-Privacy compliance changes and how retailers can best stay compliant

Security expert Dennis Dayman examines the impact of the European e-Privacy compliance changes and how retailers can best stay compliant


As many know, the European Union (EU) adopted new changes to the European Union (EU) e-Privacy Directive at the end of December 2009 to make consent required for placing a tracking device or technology onto consumers’ computers such as a cookie, flash, or beacon.


EU member states must enact this change by May 2011 yet it’s still unknown how each of the 28 member states will choose to enact their own laws – the UK's Information Commissioner’s Office (ICO) recently granted 12 months’ grace.


Some may allow browser settings to suffice as affirmative consent as the UK already has, while others may choose to enact the strictest version of the regulation requiring confirmed consent for each site visited, regardless of browser settings.


Additional customer processes


For Dennis Dayman, chief security and privacy officer at marketing automation software company Eloqua, he stressed that retailers must the additional impacts this regulation will have on the lifecycle management of their customers.


“As it stands today most technologies used by retail stores can capture a shoppers’ email address for future coupons or to add them to a monthly newsletter for new offers and sales,” he said. “Many retailers easily take this information into an email marketing management system like an email service provider or something in-house to begin marketing to the shopper without delay.


“However, many retailers are beginning to look at driving sales through an improved online experience or sending much more targeted and relevant offers to shoppers to get them into the stores. In doing such, tracking technologies using cookies are needed to understand who is on the online shopping site. Retailers want to know more about the buyer versus browser and what to send them next in terms of marketing. This helps retailers shorten the sales cycles to get the shopper to buy sooner rather than later and most of the time online.”


“So,” questioned Dayman, “what exactly is happening here?”


How the new directive will affect UK retailers and other EU markets?


Dayman said the amended directive now simply requires retailers to gain explicit opt-in to drop ANY tracking mechanism used to create a profile on an individual. This is something new to many, but a requirement already in full effect in Germany.


How the changes compare to what’s happening in the North America and other global markets?


As Dayman said above, the changes are actually similar to an already required process in Germany. “Today though, any country outside of the EU does NOT have such a requirement at this time,” he added. “The US though has had several bills in this area unsuccessfully move forward due to the industry’s self-regulatory practices usually winning over.”


How the new directive will be enforced and how well it will be policed?


This is a good question, according to Dayman, and one that has yet to be answered. “At this time, we know that many of the EU governments are NOT prepared for this requirement much less how to enforce it,” he said. “At the same time, we are still unsure how each and every government will take the directive and implement it for their country. Because of this unknown and possible difference between each country, the enforcement could get interesting. Until then, it is hard to say how it will be enforced and how well.”


What alternative strategies retailers can use to maintain return on investment (ROI) from marketing spend once the new initiative comes into play?


Again, Dayman said it depends on each country and the interpretation of the directive will help determine how retailers should or need to react. “An example could be that the country decided to allow for browser controls to deem consent,” he explained.” What this means is that, as an end user if your browser accepts third party cookies, then you have just given consent to the retailer to track you and create profile information based on our web surfing habits. EU marketers shouldn’t panic.


“As it stands today, in many personal situations there is a requirement already in place to gain consent to process an individual’s information. Adding this into that process should be trivial and if lucky, many countries will implement the browser consent controls idea. One thing to check on is whether or not your service provider or in-house marketing systems is garnering consent through a check box or otherwise by the time the rules came into force, on 25 May 2011.”


Dayman concluded: “Retailers should consider how tracking permission requirements could affect them. Retailers need to ensure that either their point-of-sale (POS) systems or other retail technologies can capture permission – not only to email, but also potentially track the shopper once the initial email is sent.”