In our data-driven world, it is vital that businesses know how to win and maintain consumer trust online. In the EU this can sometimes seem even more complicated because of the increasing complexity of privacy regulations and the different approaches to implementation across 28 Member States.
With the introduction of the EU Cookie Directive and the proposed EU Data Protection Regulation, there have been concerted efforts by regulators to set common standards for data privacy across the EU. But as anyone doing business in the EU should be aware, there are still markedly different approaches to compliance and consumer attitudes across key EU markets.
From 15-19 September 2014, EU Data Protection Authorities will review compliance with the EU Cookie Directive in a new initiative named “European Cookies Sweep Day.” This coincides with an announcement from the French Data Protection Authority – CNIL – that they will start onsite and remote inspections to verify compliance with their latest cookie guidelines in October.
5 Practical Privacy Steps for EU Cookie Directive Compliance
Based on our comprehensive research and analysis, here are five practical privacy steps to make sure you are compliant and can win the trust of EU consumers:
1. Audit the tracking activity on your website.
You’ve worked hard to bring engaged visitors to your website, but chances are you’re not the only one greeting them when they arrive. Most websites today have invisible third-party trackers that collect data about site visitors. In order to comply with the EU Cookie Directive and provide transparency and choice for customers, you must first have a thorough understanding of the trackers on your site.
We used TrustArc’s Website Monitoring Manager to provide a snapshot of cookie usage on the homepages of the top 50 websites in France, Germany, Great Britain, and the Netherlands. We found that French websites were dropping nearly twice as many third-party cookies (434) on their homepages as websites in the Netherlands (237).
Do you know what’s happening on your site?
2. Check the exact compliance requirements of all the countries where you are doing business in the EU.
Since 2009, EU Member States have passed their own Cookie Laws that implement the Cookie Directive. However, these Cookie Laws are not uniform, and they vary in the standard of consent required – reflecting the differences between each Member Countries’ data protection laws. This, in turn, has resulted in a confusing patchwork of compliance obligations.
If your business is operating in more than one EU country then you need to ensure that you are compliant with the different requirements of each country.
3. Provide users with notice of the tracking on your site and a way to opt out of it on your site.
It is not just a legal requirement under the EU Cookie Directive, our research has shown that EU consumers have high levels of privacy concerns, and 83% thought that companies should get their permission before tracking them online.
The consequences of getting this wrong for businesses are significant, with 36% of French consumers choosing not to visit a company website due to privacy concerns and 34% of German consumers not using a smartphone app. Across four key European markets, 68% of consumers expected companies to comply with the Cookie Directive, and an average of 41% planned only to visit websites that did.
Tools such as our Cookie Consent Manager make it simple to give notice and offer users a way to opt out of the tracking on your site.
4. Let your customers know how good your privacy practices are by displaying a privacy certification or seal.
One of the most straightforward ways to win trust is to let your customers know how good your privacy practices are. Research in January this year found that due to increased privacy concerns, 78% of UK users are more likely to check websites and apps for a privacy certification or seal. In our EU research, 62% of French consumers, 57% of German and British consumers, and 49% of Dutch consumers trusted a website more if they saw a certification or seal.
There are a number of different privacy seals available in the EU, but research has shown that TRUSTe is the #1 privacy brand in the UK, with 54% consumer awareness. Over 5,000 customers worldwide display the TRUSTe green “certified privacy” seal on their websites or apps – including businesses in the UK, France, and the Netherlands.
5. Ensure that any advertising on your site is compliant with the latest EDAA guidelines, and consumers can opt-out through the OBA icon.
2012 saw the launch of the European Interactive Digital Advertising Alliance (EDAA). The EDAA is responsible for the licensing of an interactive OBA icon to identify ads on all websites that are delivered to internet users through online behavioral advertising (OBA) as part of the pan-European self-regulatory program. Consumers can access a preference manager directly from the interactive icon on the online ad allowing them to opt-out from OBA.
Our 2013 advertising research showed that 76% of British consumers are aware of online behavioral advertising (OBA), and 47% do not like it. However, the research also showed that good privacy practices make a difference, and 40% of consumers were more favorable about advertisers if presented with the EDAA program.