Ensure the security of your HCL environment by applying the Zero Trust princi...
Cookie Seminar | 5 juni | Damian Scragg | Evidon
1. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
The value of revealing
the invisible web
2. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
Agenda
• Who is Evidon?
– Sample clients
• Regulatory Status in the US & EU
– Legal and self-regulation
– Enforcement update
– What you need to do – US & EU
– Examples of site disclosures
2
3. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
About
3
• 16 million users
• 8+ million panel
• 2,800+ trackers
on over 26 million
domains worldwide
• Only comprehensive
tracking code library
• Sees data
web scanners miss
4. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
Huge Opportunity, with Just as Many Challenges
Data and tags
out of control;
You can’t
capitalize on
what you can’t see
4
5. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
When you aren’t aware of tracking, it can …
5
prevent you from being
transparent with
consumers, putting their
privacy and your compliance
at risk
slow down page load and
diminish conversions,
depress SEO rankings
allow companies to collect your
data without you knowing it,
devaluing the ads you sell and
increasing costs of the ads you buy
…increase cost and diminish revenue
A one-second
delay can cause
a
7% drop in
conversion
Source: Walmart, Page Performance & Site Conversion – Feb 2012
…the commission fined
Path $800,000…”
6. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
Evidon “Reveals The Invisible Web” to Help
You…
6
Grow revenue
by controlling tracking
on your website.
Comply with global
privacy regulations and
protect consumers.
Win more marketing dollars
with new insight into where you
stand in the market.
Drive better ROI
with new insight into
the right tech partners.
coming soon
7. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved. 7
Grow revenue
by controlling tracking
on your website.
Comply with global
privacy regulations and
protect consumers.
Evidon “Reveals The Invisible Web” to Help
You…
+
8. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
EU Partners
8
• 343+ million DAILY ad
notices in the EU
• 50+ leading brands, agencies,
networks, publishers
9. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
Self-Regulation
9
10. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
What You Need to Do
10
1. Audit/monitor tracking on sites
2. License icon from DAA
• Advertiser ($6,000/year
at aboutads.info)
3. Disclose everything clearly
to consumers on sites/in ads
4. Give consumers control,
including opt-out
US AdChoices Program
11. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
US Self-Regulatory Enforcement Action
• There have been 19 enforcement actions by BBB
– Quinsteet, Veruta/MyBuys, Reedge, PredictAd, Martini
Media, Forbes
Media, Gravity, OxaMedia, BlueCava, DataXu, Rovion, Turn, Fac
ilitate, RocketFuel, Specific, Kia, Initiative, Microsoft, Facebook
– Kia stands out
• More big brands will be targeted
1. Letter sent
2. Name & Shame – as above
3. Can pass to FTC for an enforcement action
11
12. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
1. Audit/monitor tracking on sites
2. License icon from EDAA
• Advertiser (€5,000/year
at edaa.com/eu)
3. Disclose everything clearly
to consumers on sites/in ads
4. Give consumers control,
including opt-out
5. Self-certify your compliance
What You Need to Do
12
EU AdChoices Programme
13. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
E.U. Self-Regulatory Programme (AdChoices)
13
• Run by European Interactive
Digital Advertising Alliance (EDAA)
• For 3rd party online behavioral
advertising
• Provide consumers with enhanced
notice and choice, similar to US
program
• Evidon first approved icon provider
14. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
The Revised EU ePrivacy Directive
14
15. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
EU ePrivacy Directive
A LAW requiring:
• Notice when collecting/using a
European consumers’data
• The means to control how
their data is used
• For all forms of tracking, not just
cookies and/or online behavioral
advertising (OBA)
• Consent
15
16. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
Where The Law Stands
• EU law ratified
• Each member state
required to pass
similar law
• Data Protection Regulation
– currently drafted to a
much stricter standard
Law passed (blue)
16
Law proposed (yellow)
Norway
Iceland
Italy
Poland
Sweden
Ireland
Switzer
land
Czech
Republic Slovakia
Hungary
Lithuania
Latvia
Moldova
Bulgaria
Estonia
France
Nether
lands
Bosnia
Slovenia Croatia
Denmark
Finland
Serbia
Albania
Macedonia
Montenegro
Cyprus
Portugal
Belgium
United
Kingdom
Germany
Austria
Romania
Greece
Spain
Lux.
17. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
Updates to legal landscape
• Trend that implied consent is generally acceptable
model
– Denmark: No change in law, but in April Danish
regulators issued updated guidance that an implied
approach will suffice
– Norway: The proposed new law would replace the
current suggested requirement of a strict opt-in
approach
– Poland: Law took effect in March and implied
consent with appropriate notice through banners is the
accepted approach
17
18. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
What You Need to Do
18
1. Audit/monitor tracking
on sites
2. Disclose everything clearly to
consumers on sites/in ads
3. Gain consumer consent to be
tracked, based on standard of each
member state
EU ePrivacy Directive
19. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
But what does “gain consumer consent”
really mean?
19
20. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
Explicit Consent Option
20
21. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
US Example
22. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
Nestle.nl
22
23. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
Nestle Cookie Control
23
24. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
P&G UK
24
25. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
P&G UK
25
26. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
Kimberly Clark
26
27. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved. 27
Site Notice: Implied Consent Option, First Visit
Cookie Consent
28. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved. 28
Implied Consent Option After Clicking on
Cookie Consent Icon
29. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved. 29
Implied Consent Option After Clicking on Cookie
Consent Icon and Expanding Options
30. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
Differing Standards of Consent
• Even Google & Yahoo! have recently started to display
cookie consent banners
• Banners & Buttons
• Banner only
– With tricky navigation to choices
• No consent control
– Just link to cookie policy
• Nothing at all!!!
30
31. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
In Summary
• The “Cookie Law” isn’t going away
• Updated Data Protection Regulations are likely to bring
– Stricter guidelines
– Higher standards of enforcement
• Self-regulation does work
– Expect enforcement in Europe
• As an industry we should do what we can to make these laws
and regulations work
– By showing willing, hopefully it will avoid over-involvement by the
law makers
31
32. Confidential | Draft for Discussion Purposes Only
2013 Evidon, Inc. All Rights Reserved.
Thank You.
Damian Scragg
Managing Director, EMEA
dscragg@evidon.com
Notes de l'éditeur
But we’re here to talk about cookies……….you are all familiar with theAdChoices iconThe US programme started 3 years ago with the formation of the DAA – ultimately reporting to the FTC and policed by BBBThe EU programme was formalised at the end of last year – although clients like ClickDistrict started running the icon a year earlier.The Canadian programme is almost finalised and we hear that Australia will be next.
KIAWhat Happened: The Accountability Program visited the www.kia.com website used five web browsers (i.e. Chrome, Firefox, Internet Explorer, Opera and Safari). They observed third parties known to engage in OBA that were collecting user data through various tracking pixels embedded in the site. Within the same browsing session, the Accountability Program then visited multiple non-affiliated websites and was served with Kia ads. None of these ads contained the enhanced notice required under the Transparency Principle (which is given most often via the DAA AdChoices Icon). Thus, the Accountability Program initiated a formal inquiry with Kia to determine why the ads did not contain the requisite notice. Kia’s Response:In response to the Accountability Program inquiry, Kia has instructed Initiative, its media agency, that it expects its third-party ad networks to comply with the OBA Principles, including serving the AdChoices Icon. Furthermore, Kia also stated that it would license its own DAA AdChoices Icon in order to implement its own ability to serve the AdChoices Icon (rather than just rely on third-party ad networks to do so). Initiative stated that, as instructed by Kia, it was working with advertising networks to ensure that all Kia OBA campaigns going forward would be in compliance with the OBA Principles. WILL THERE BE A US LAW:We would be surprised based on regulatory conversations so far, there doesn’t appear to be an appetite for this kind of legislation.
EDAAUK – Advertising Standards Authority CAP Code – Code of Advertising PracticeThere has been no enforcement action yet as the programme is so new
Talking Points:- Regulators expect a much higher standard/level of enforcement than the ePrivacy Directive
Denmark - No change in the law, but in April the Danish regulator issued updated guidance re-affirming that an implied consent approach will suffice, so long as the user is provided with an appropriate notice (when first visiting the web site) setting out appropriate information on the use of cookies, a link to an appropriate 'cookie policy' - with information on how to reject the website's use of cookies. A cookie-consent tool (to adjust cookie settings) is also recommended. Norway - The proposed new law would replace the current suggested requirement of a strict opt-in approach with an implied consent approach based on browser settings - backed by sufficient information on the use of cookies, their purpose and the identity of the parties processing the information. Poland - In practice nothing has changed - the law took effect in March and implied consent with appropriate notice through banners is the accepted approach and enforcement will be to that level. Hence clear and unambiguous information about cookies, their purpose, the user's right to access information about them and the ability to accept or refuse cookies is the accepted standard. So, in summary these developments simply confirm the trend that 'implied consent' is the generally accepted model and therefore, your solution will work across jurisdictions.
Well thankfully not this anymore………
This is below the fold – about 4 or 5 pages down, acceptable as it is self-regulation
Law requires informed consent based clear and comprehensive information
Specific consent
We recently met with the ICO and they don’t expect to have to issue monetary penalties – however, they are stepping up the contacting of businesses and we see this as we get waves of people interested in how we can help them.But to put some perspective on the importance that consumers give this – in a certain period last year when the ICO received 200 complaints relating in some way to the Directive, they received 30,000 consumer complaints relating to people receiving spam text messages.