Legal Eagles
How legal changes at the ASA and EU could affect your business in 2011
EU data protection changes
There are two important changes looming in the EU about data protection. Marketing and community managers take note: The first is the EU's review of the Data Protection Directive. The EU is intending to modernise this Directive in response to new technological changes. The Commission's goal is to ensure coherent application of data protection rules taking into account the impact of new technology on individuals' rights and freedoms.
It seems this is primarily in response to the rise of social networking sites. Given the gaming sectors use of personal data, these changes will undoubtedly impact the way in which it deals primarily with its customers - particularly with any behavioural advertising. It may require you to seek a user's explicit consent before downloading any personal data and making it possible for the user to permanently delete any personal information. Draft legislation is expected sometime during 2011.
The other matter for the EU to contend with is publishing its first review of the Data Retention Directive. Any review of the Data Retention Directive may affect the gaming sector particularly where the review is aimed at matching data retention obligations with law enforcement needs (maybe keeping log files for six months is just not enough given the length some investigations take), and an undoubtedly higher level for protection of personal data will be imposed.
UK data protection changes
The United Kingdom also has some changes to make in the data protection arena. The most notable for the gaming sector is in relation to the E-Privacy Directive which was amended by the Citizens Rights Directive. The Citizens Rights Directive will be implemented on May 25, 2011 and means that the use of cookies will only be allowed if the user has consented or been provided with clear and comprehensive information about the purposes of such processing.
This has introduced an opt-in requirement for cookies.
Theoretically this means that each and every cookie placed on a user's computer would require that user's express consent. Leaving aside for the moment that this runs contrary to the way in which the world wide web actually operates, the administrative burden of getting such consent would be impracticable.
How this legislation is going to be adopted in the UK remains something of a mystery. The Department of Business Innovation and Skills has proposed that this opt-in requirement should not work in such a way to mean users would have to consent to every cookie. Instead the BIS favoured an approach that acceptance may be expressed by using the appropriate settings of a browser or other application. That is, at practical level nothing should change in the United Kingdom. In April 2011 we will see the actual implementation of this legislation and what requirements will be imposed upon the UK and if the BIS gets its way.