A guest post by Yo Noguchi of Benchmark Email.

In May 2011, the European Union made changes to how companies worldwide are allowed to collect or use information from web page visitors from Europe. The legislation, called the European e-Privacy directive, legally mandates that websites tracking users with cookies collect explicit consent from the person being tracked prior to dropping a cookie. Although they are similar, the legislation is even stricter than the CAN-SPAM Act of the United States because it forces U.S. email marketers to delete a client’s information as soon as the customer unsubscribes.

The EU’s Commissioner for Justice, Viviane Reding, says, "Privacy standards for European citizens should apply independently of the area of the world in which their data is being processes. To enforce the EU law, national privacy watchdogs shall be endowed with powers to investigate and engage in legal proceedings against non-EU data controllers whose services target EU customers.”

All businesses and websites tracking Europeans must comply by the regulations to be in compliance with the EU’s new legislation. American businesses will need to take reasonable measures to identify which website visitors are European and collect their permission.

Compliance is important for international email marketers because in some cases, not being compliant with international law can cost thousands of dollars in legal fees and fines, and possibly even criminal sanctions.

When asking for permission, inform subscribers about exactly what data is being tracked and how you will use it. The key is obtaining explicit consent.

Furthermore, there must be some kind of affirmative action where the subscribers acknowledge their consent to marketing and tracking. A good example of this is where a subscriber provides consent by clicking a link, which causes a pop-up box specifying what you will do with the subscriber’s personal data.

You can decide where to collect consent and then drop the cookie. Many businesses allow European visitors to browse some pages of sections of the website before asking for permission. The idea is to enable the website visitor to see the value of the web content or services before asking for tracking permission.

For example, you might want to ask permission after a European visitor has viewed a certain number of pages, spent a given amount of time on the site or visited specific web pages.

The following are laws enacted by the European Union that address email marketing from a privacy perspective. These laws must be followed by all of the member states.

• Data must be fairly and lawfully processed.



• Data must be processed for limited purposes.



• Data must be adequate, relevant, and not excessive.



• Data must be accurate.



• Data must not be kept for longer than is necessary.



• Data must be processed in-line with individual rights.