How the cookie law affects email marketing

By: TimWatson

Date: 24 May 2012

Looking through the keyholeThe much-maligned new EU cookie law isn't just about cookies. Actually, the text of the regulation doesn't even mention cookies by name. Instead, its focus is on making people more aware of how their information is used online, and helping people control their privacy.

Essentially it means people now have to actively opt-in before their information is used or their behaviour is tracked in many ways.

The new regulation also applies to other technologies that involve you placing and accessing information on someone's computer. For instance, the new rules apply to the tiny ‘web beacons' (actually small image files) used to track when a marketing email is opened.

Some criticism has been levelled at the Information Commissioner's Office (ICO) for not issuing clear guidance. But actually, to understand what's expected of companies, we need to step back from the nuts and bolts and look at what the law is trying to achieve.

One that front, the ICO's message has been consistent: businesses need to be open and transparent, because the law is intended to protect privacy and promote openness.

The new law and email marketing

Plenty has already been said about how the new law affects website cookies. (Read the IT Donut guide, if you need help). So I'm going to look at what happens if your business sends marketing messages by email.

If your company falls into that category, you probably track how people interact with your messages. Crucially, you probably have a tool that lets you see how many people open the emails you send.

Just as with cookies, you need to ask a key question about this ‘open tracking': what's its purpose? Just as all cookies aren't equal, neither is all open tracking.

If you're using open tracking to report an overall open rate for your entire email campaign, I don't see how this can come under the new law. It's just a broad way of tracking how people are interacting with your emails.

Would your email subscribers be surprised to know that you work to get emails delivered and monitor success by checking if the emails are read? I think not. And that's why I think tracking mechanisms used in this way would fall outside the law.

The law applies when the data gets personal

But here's a different theoretical case. Say a travel company spots that someone opens emails related to family holidays, then sells that information to a company which then targets them with adverts for child investment products.

This sort of open tracking would certainly fall within the regulations as it clearly involves the privacy of the individual. (I'm just using this example to make the point clear - I don't actually think anyone does anything even close to this with open tracking!)

Getting new subscribers to opt-in

Having said that, the new law is about openness and transparency. So to be safe, it's a good idea to keep your email subscribers informed about the tracking you use.

It should be relatively easy to ask new subscribers to opt-in to tracking and cookies. You have to get permission to send them emails anyway, so when you do so just add information about the tracking too.

Remember: openness and transparency are key. So don't bury the information deep in a policy privacy policy or write it using confusing language. Make it clear and obvious, and reinforce it in your welcome email. For example:

We work hard to avoid cluttering up your inbox by using technology to understand what we should send you.

Then, no matter whether you think open tracking is or isn't covered by the regulations, you'll know you're covered. And your customers will be better informed too.

Making sure current subscribers know the score

With new subscribers taken care of, think about what to do your current subscriber base. You need to ask two questions: how do you use open tracking and what would your subscribers reasonably expect you to be doing?

Again, it's about openness and transparency. You can make current subscribers aware of your use of tracking. Add information about it to your email header. Use the same language you use for new subscribers and keep the information there until it's reasonable to assume everyone's seen it. Then you can move it to your email footer.

Don't panic about your open tracking

In any case, if you have worked to promote openness and transparency you will be in a much better position with the ICO than if you have simply ignored this issue. In short:

  • Tell new email subscribers what tracking technology you used. Explain it in simple, clear language that can be easily understood.
  • Make sure you include this information if you have a soft opt-in – like when you sign people up as part of a purchasing process on your website.
  • Change your privacy policy so people who opt in to emails are also opting in to your open tracking and cookie-based tracking.
  • Provide a clear link to your full privacy policy as part of the sign up process, and add a summary to any welcome emails you send out.
  • Tell your current subscribers about tracking through an email header. You can move this to the footer once it's reasonable to think most people will have seen it.

Finally, don't panic. While the ICO can impose fines of up to £500k, they're only likely to do so in exceptional circumstances. It needs to be a serious, deliberate contravention of the law that causes substantial damage or distress. Quite simply, I find it hard to envisage a situation where email open tracking could do that.

Tim Watson is an independent email marketing consultant who writes for Smart Insights.

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.