Is the EU the cookie monster? Commission confirms new regulation to 'modernise' digital privacy.

Anita Tibbertsma
12 Jan 2017
Yes, while the UK and Australian governments are working out how they can use our online data, Europe is working on how to protect it.

The European Commission has confirmed details of regulation that will, ‘modernise’ digital privacy rules expected to be adopted May 2018.

Image of Australian Digital Advertising\ Above: An example of Australian digital advertising

Key takeaways for marketers:

  • “Users will enjoy full transparency without having to click on a banner asking for their consent on cookies each time they visit a website.”

Yes, that means mobile user experience in particular may be improved.

  • “….Storing of… text messages, emails… will not be allowed without the consent of the user.”

This may require companies to provide greater clarity around personalisation but note the proposed regulations do not apply for B2B:

  • “The General Data Protection Regulation focuses on data protection for individuals… It does not cover business-to-business communications.”

IMAGE OF HARLEY-DAVIDSON\ Above: Harley Davidson ran this digital display campaign late last year..

  • The regulations provide greater clarity around the use of cookies:

“Users also need to agree to websites using cookies or other technologies to access information stored on their computers or to track their online behaviour. The proposal clarifies that no consent is needed for non-privacy intrusive cookies improving internet experience (e.g. cookies needed to remember shopping cart history, for filling in online forms over several pages, or for the login information for the same session). Cookies set by a visited website counting the number of visitors to that website will no longer require consent.”

  • Privacy is guaranteed for content of communication as well as metadata – for example who was called, the timing, location and duration of the call, as well as websites visited. Metadata linked to electronic communications have a high privacy component and need to be deleted or made anonymous if users did not give their consent, unless the data is needed for billing purposes.”

LOL… quite the contrast to Turnbull’s approach:

"We want industry to keep for two years a limited range of metadata, which is information about a communication (the who, when and where)... No. The Government is not asking telecommunications companies to retain a person’s web-browsing history".


IMAGE OF BUPA CAMPAIGN\ Above: Bupa ran this out-of-home privacy campaign last year.

  • “Spam and direct marketing communications require prior consent. Regardless of the technology used (e.g. automated calling machines, SMS, or email), users must give consent before unsolicited commercial communications is addressed to them.”

Interestingly in Australia registered charities don’t need consent… Is that a bit out-dated? Our regulations are known as being reasonably tight in contrast to America for example but there are Australian SPAM rules that I’d describe as a little loose:

"Inferred consent means:

- The electronic address is published 'conspicuously'—that is, it is accessible to the public, or a section of the public (for example, it appears on a website or in a telephone directory or brochure)

- The address is not accompanied by a statement that commercial messages are not wanted"


In New Zealand unsolicited EDM messages can amount to a 500K fine per instance plus a company needs proof and to provide clarity as to what exactly the user is consenting to.

92% of respondents the Commission surveyed said it is important or very important that personal information on their computer, smartphone or tablet can only be accessed with their permission.

IMAGE OF NAB DISPLAY AD Above: One of NAB’s 2016 display ads.

For further details, here’s the press release.