2013 is proving eventful in the world of Marketing, data and brand law: new rules for online behavioural advertising (OBA); the EU data protection proposals; new generic top level domains (gTLDs) for websites; and the first regulations to support the Government's "midata" programme.
New CAP Code rules on OBA came into force on 4th February. They apply principally to third party cookies that collect and use web viewing data via sites which are not under the third party's control. The rules do not apply to contextual advertising, web analytics, ad reporting or delivery, first party OBA, in-stream videos online or (as yet) the use of OBA on mobile devices. They mean that third parties must now provide on their own websites “clear and comprehensive notice” about their OBA activity and must give the same notice in and around display ads served to all other sites.
A link must also be provided to a “relevant mechanism” by which users can opt out - one that is strongly recommended by CAP is operated by the European Interactive Digital Advertising Alliance using an icon linked to www.youronlinechoices.com. Separately, a prohibition has been introduced on creating interest segments specifically designed for targeting under-13s.
If the ASA is unable to identify the relevant third party, the advertiser on whose behalf an ad is served must, in good faith, co-operate with the ASA to help determine the identity of the third party. While the ASA presumes that co-operation will lead to immediate remedial action, further sanctions will be brought against those who fail to comply.
An agreed draft Data Protection Regulation is due to go before the European Parliament in December, although achieving a political agreement will be challenging. As it currently stands, the draft contains a number of changes which are pertinent for marketers. These include, among others, a tightened definition of consent to data processing, a narrower "legitimate interests of data controller" gateway which will make it more difficult for data controllers to justify processing personal data, and a wider definition of "personal data".
Although there is a proposed transitional period of two years - and sign-off is likely to be a year or more away - marketers will need to think seriously about how they might be affected because the cost of breaching the Regulation is potentially high. Fines of up to€500,000 or 1 per cent of annual worldwide turnover are planned.
Midata is a partnership between the UK government, consumer groups and major businesses aimed at empowering consumers by giving them access to data on, for example, their household utility use and internet transactions. The Government hopes the programme, which is currently voluntary, will ultimately encourage competition. Consultation in 2012 revealed widespread support, but also highlighted concerns about data privacy. Working groups have therefore been established to consider the concerns.
While the Government has made clear that it is committed to continuing midata as a voluntary programme, it also wants regulations in relation to energy companies, mobile network operators, current account and credit card providers, which will require the release of data.
Outside of data, new gTLDs are due to come on stream later in 2013. While marketers will see the potential value in creating a unique ".brand" space online, the costs are high. It remains to be seen how search engines and users will adapt to the system, who will make the investment and whether it pays off.
(Visit www.marketinglaw.co.uk to keep up-to-date with what's new in the world of marcoms law.)