The ‘Cookie Law’ and email marketing


If you’re a UK marketer then you can’t have missed the recent talk of the ‘Cookie Law’, or the Privacy and Electronic Communications (EC Directive) Regulations 2011, which came into effect on 26th May 2011 and became enforceable exactly a year later, on 26th May 2012.

As legislation goes, it’s well meaning but terribly designed, and exactly what you’d expect to get when the people writing the laws don’t understand the technology. The fact that the UK body responsible for enforcing the law, the Information Commissioner’s Office, has failed to give clear advice on how companies should comply with the regulations, and that most UK Government websites are not yet compliant, says it all.

Anyway, rant over – it’s still a law, it’s not going away, and if you’re based in the EU then you need to care about it, as it does affect you.

I’m not going to talk about how the regulations affect websites as that’s been covered in many excellent articles by others, including our good friends at Codegent (The EU Cookie Crisis Explained).

Implications for email marketing

What many have failed to talk about is that this isn’t simply a ‘Cookie Law’, it’s an update of the EU privacy regulations which affects any technology that stores or uses data on a person’s device – and that includes email marketing; in particular open rate tracking, which uses the download of a small image to track if a user has opened an email.*

The good news is that if you’ve already been following permission-marketing best practices (of course you have) then you should already be compliant – or most of the way there.

The key thing is transparency – making it easy for users to understand what you’re storing, what you’re tracking and why, the detail of which should be in your privacy policy, in plain English.

The new regulations require users to give informed or implied consent, and with email it’s easy to ask for this at the point of registration. In their guide to email marketing and the cookie legislation, the DMA recommends adding text like the following to your sign-up process:

“We use technology to help ensure we send you what you want, and stop sending you what you don’t want. Click here to find out more.”

Here, the ‘click here’ link takes users to a page explaining what tracking is used, how, what impact it will have on them and how they can stop receiving emails if they change their mind.

For email tracking, we use the following wording in our own privacy policy:

“Email tracking – If you use our service to register to receive communications via email then messages you receive may be trackable at an individual level, allowing us to determine, for example, opens and link clicks. This information is generally used to help assess the effectiveness of communications so that we can improve them and may occasionally be used to send relevant further communications in response to your actions (e.g. clicking a particular link) or inactions (e.g. not opening an email). You can unsubscribe from email communications at any time using the unsubscription link contained in each message.”

The DMA document also gives some excellent examples of suitable privacy policy wording.

The interpretation of the rules is still changing, and so is the best practice – none of this should be taken as legal advice – but as always, we recommend that transparency, and doing what’s best for your subscribers, is always the best policy.


* It could also be argued that as most email clients require users to take an action to load images, precisely because of this tracking, then implied consent is given when this occurs. I wouldn’t recommend relying on this though.