Cookies and remarketing: What you need to know about privacy laws

The new Australian Privacy Principles came into force in March 2014, regulating how businesses and organisations can use consumers’ personal information. But what does this mean regarding how your business uses cookies and remarketing?

Cookies and Australian privacy laws

A cookie is a piece of text data that is produced by a web server and exchanged with a particular device each time a user accesses a website.

Cookies make it possible for websites to restore the preferences of returning users, track online purchases or work interactively.

The Association for Data-driven Marketing & Advertising’s (ADMA) Director – Legal and Regulatory Affairs, Daad Soufi, says cookies usually make using websites easier and more enjoyable.

“Without cookies, you would have slower and less user-friendly websites. Consumers feel the benefit of cookies but most don’t realise that, without them, their online experience wouldn’t be as positive,” she says.

Explaining cookies in your privacy policy

Soufi adds that most online users aren’t aware that websites are using cookies.

She says businesses’ privacy policies should be clear about how they are using cookies, and businesses should make it easy for users to get this information.

It is also vital that the cookies do not use any personal information or allow the user to be identified, as that would be in breach of the Privacy Act, Soufi adds.

Remarketing and Australian privacy laws

Remarketing uses cookies to deliver targeted advertisements to a specific online user, based on their previous searches.

“An individual might visit the website of company A, then go onto the website of company B, but be served an advert for company A,” Soufi explains.

Remarketing is done via various ad networks, including Google AdWords. Remarketing adds a piece of code or a remarketing tag to the pages of a website. When visitors come to that site, they are added to the remarketing list and the business can then target those users while they browse other websites.

According to Soufi, using cookies for remarketing would not fall under the Privacy Act, provided the cookies do not hold any personal information that would allow the user to be identified.

“If an organisation has a demarcation between its cookies and its identification of an individual, that is not personal information and is not subject to the Privacy Act,” she explains.

Do I need cookie pop-ups?

Online users sometimes get a message from a website informing them it uses cookies and asking them to opt in.

This is because companies based in Europe are regulated by the EU ePrivacy Directive, which came into force in 2011. This requires websites to get online visitors’ informed consent before placing a cookie on their device.

This is not, however, a requirement under Australian law.

Soufi explains: “Other jurisdictions have a far more consumer-centric positioning in respect to the use of cookies. They have to bring the use of cookies to the attention of the consumer and get agreement from that user.”

While Australia’s laws haven’t gone as far as the EU’s in requiring people to opt into the use of cookies, Soufi says the new Privacy Act does require businesses to be much clearer about the data they collect and how they are handling, storing and using it.

“The way the Australian laws are drafted, there are greater transparency requirements about the use of data. Organisations do need to discuss their data-handling practices within their privacy policy,” she says.

Checklist: How to incorporate cookies into your privacy policy online

  • If you are using cookies your privacy policy should discuss them. It should explain the types of cookies used and why they are used.
  • Some organisations may choose to have a separate privacy policy and cookies policy, but both should be easily accessible.
  • Organisations need to know with certainty whether cookies are used in a completely anonymous manner.
  • If cookies are completely anonymous, that should be clear in the policy.
  • If there is a chance of cookies being linked with other data and potentially identifying a person, it would form the body of data that is personal information; organisations need to know if this is happening.
  • The privacy or cookie policy should explain how someone can detail or block cookies.
  • Remarketing using online banners should be described as part of your marketing practices.
  • If you are using remarketing banner advertising, consider including an icon that directs users to an opt-out preference centre.

Related articles

How Alto Sports is reaching new heights How Alto Sports is reaching new heights
Selling large, seasonal stock online has its challenges but in the downtime Alto Sports uses its webstores – Snow2Water …
Five marketing strategies with Instagram – the perfect eCommerce platform Five marketing strategies with Instagram – the perfect eCommerce platform
Not only is Instagram the fastest growing platform in Australia, but its visual, easy-to-use structure means it’s the perfect …
Why you should be using SMS marketing for your eCommerce business Why you should be using SMS marketing for your eCommerce business
Considering the fact that most of us keep our phones at arm’s reach, it’s no surprise that SMS messaging …
How LUSH Cosmetics increases reach and sales with zero advertising spend How LUSH Cosmetics increases reach and sales with zero advertising spend
At Seamless expo in Melbourne this May, LUSH Cosmetics Brand Communications Manager Natasha Ritz (above) will reveal what helps …

Sign up to our newsletter

Online payments
just got easier