Privacy Officers Network

04 July 2002



EU draft directive on E-Communications

Jessica Hendrie-Liano, Company Lawyer, plc

  • How to develop a workable e-marketing policy in light of the new EU draft directive on E-communications?

Points for members to discuss:

  • What can we learn from countries with similar permission based laws for e-communications?
  • Opting-in for e-mail and other forms of marketing – Are there any practical problems about a uniform policy for:
    • different countries? 
    • different media channels?
  • Problems of changing from opt-out to opt-in 
    • rewording of contracts for providers of mobile device services and content 
    • online shopping contracts
    • wording of privacy policies
  • How do companies develop a permission- based marketing system? How do you develop a privacy sensitive culture in the marketing department?
  • Interpreting the boundaries of a “soft opt-in” (marketing to existing customers and customers for similar products and services)
  • Marketing to:
    • other members of your group of companies
    • companies in which you have a majority holding
  • How to avoid ISPs filtering out legitimate bulk e-mail identified as spam?
  • How to interpret ‘clear and comprehensive’ information about cookies?
  • How should companies inform web users about the existence of cookies and how they may be disabled?
  • The advantages and disadvantages of P3P for blocking cookies?

How to develop and implement a global data protection policy

Points for discussion:

  • Where to start: A blank sheet or a current country policy?
  • Setting objectives and agreeing scope: Reconciling different national legal cultures with top management’s business objectives
  • A comprehensive privacy policy or one limited to certain areas, such as employees or marketing? How detailed should the policy be?
  • How best to obtain feedback on your draft policy from various stakeholders?
  • Do you extend the privacy policy to countries which have no or few legal requirements? What do you do if top management considers that extending the policy to such countries would put your company at a disadvantage compared with competitors?
  • If you are not sure whether your policy is compatible with a country’s national privacy law, what practical actions do you take to determine whether or not it is compatible?
  • How do you plan to implement your privacy policy? Prioritise target groups.Timetable, budget, resources?
  • What tools do you use? Intranet, staff notices, training sessions, annual report, website?
  • Sustaining the privacy policy as a living document