Archive for November, 2009

I read the out-law blog post late last night as it was retweeted by @eivindsavio in Norway from @pierrefar in the UK. To be honest, I didn’t think much of it as I had just reviewed Vivane Reding’s EU Telecoms Reform and had blogged about it a couple of hours prior to that after thorough review. After all, I had been writing about the possible threats of both HADOPI in France but also PHORM in the UK, wondering why Mrs. Reding was taking a stance against PHORM while keeping quiet about HADOPI.

It turns out I was wrong as she was fighting one battle at a time, which makes total sense when you need to find unanimous consent of 27 member states.

So basically, what are we talking about?

Back in November 2007, the Commission adopted proposals for the reform of the EU telecoms rules. It took some time for all parties to come to an agreement as it finally fell on November 5th 2009, after much debate. As mentioned, I blogged about the outcome but chose to mainly discuss it from the standpoint of banning HADOPI’s “three-strikes law”. The reason why I chose to do this is because this “three-strikes policy” is an infringement of the basic principals of democracy, as presumption of innocence and the right to privacy is not respected.

Now, this post also talks about the “cookie affair” as the EU Telecoms Reform states “Internet users will be better informed about cookies and about what happens to their personal data, and they will find it easier to exercise control over their personal information in practice.” Vague!

My recommendation was and still is to adapt privacy policies in order to clearly explain to visitors what cookies are used for and why they are there, while also including an opt-out link as found for example in Yahoo! Web Analytics’ privacy policy.

Now, Mr. Struan Robertson’s article on out-law, of which he is the editor, but also on Techradar are almost the same articles word for word. So this is information coming from the same person, just on two different websites. He mentions that Europe’s cookie law was found at the tail end of an 18-page Council press release, together with some other stuff the Council has been working on. Fair enough.

Indeed, page 17, just after the protection of workers from chemical risks within the Social Policy section mentions under the Telecommunications Policy section the creation of the Body of European Regulators for Electronic Communications (BEREC) as well as the adoption of a directive amending legislation in force on universal service ePrivacy and consumer protection.

More specifically it amends the Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.

And this is where we come to the root of it – please bare with me – as paragraph 66 states:

“Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities. ”

Again, this remains vague and for the life of me, I don’t read prior consent here but an obligation of information in an as much as possible friendly way. So again, I’m not imagining pop-ups or white pages asking for consent to collect information about the surfing behavior but just a clear privacy policy with an opt-out link like Yahoo! Web Analytics proposes.

Also, it’s not as if this was hushed in any way as it’s exactly what the EU Telecom Reform is all about! Additionally, it’s interesting to note that if indeed we were talking about pop-ups &/or white pages asking for consent of measurement, this would need to be enforced. If this goes into effect, BEREC should move really fast!

But Mr. Robertson’s second article also mentions amendment to article 5(3), which surprisingly I’ve only managed to find in a second reading of the article and not as an official document. So it would be nice if he could point to his actual sources, just for the sake of clarity, as any good legal expert usually does as for me, the official document is still this one (hint: check out 5.3)!

Now, does all this really come as a surprise? I think not as already back in April of this year, Viviane Reding clearly stated that directives would be amended and more specifically Directive 2002/58/EC. But it hasn’t yet, has it?

Storm in a Teacup

And that’s all that this actually is in my opinion: A storm in a (very British) teacup. Nothing new here! Well, except for the second phase of an infringement proceeding over the UK to provide its citizens with the full protection of EU rules on privacy and personal data protection when using electronic communications dated October 29th of this year send out by? you’ve guessed it! Mrs Reding …

Last but not least, I would like to mention that Mrs. Reding’s DG Information Society & Media has been using Google Analytics for some time now. I should know as I helped them implement it and raised the privacy issues during the project!

What’s however interesting is that, as of today, I still haven’t found the possibility of opting-out from Google Analytics, but that’s another debate.

Enforcement? Unlikely

I don’t think that prior consent for the use of cookies will be enforced in Europe and I believe it’s just a misinterpretation intended to get attention…

Once again, I welcome comments and thoughts as I’m totally open for discussion in order to make sure that the Europe I was raised in and choose to live in upholds to my standards of a righteous society.

The agreement reached on November 5th about the EU Telecoms Reform announces that it bans the “three strikes and you’re out” policy, also dubbed HADOPI in France, which was supposed to fight against Internet piracy and illegal download by a three strike procedure.
The EU Reform “paves the way for stronger consumer rights, an open internet, a single European telecoms market and high-speed internet connections for all citizens”.
Finding an agreement amongst the 27 member states is not an easy task and as the reform, proposed by the Commission since 2007, strengthens competition and consumer rights on Europe’s telecoms markets, facilitating high-speed broadband access and establishing a Body of European Regulators for Electronic Communications (BEREC) to complete the single market for the telecoms sector, it does actually little or remains rather vague when it comes to European’s citizen privacy. The European reform still needs to be voted upon by the Parliament and Council by end of November before it’s entered into force in early 2010 and then transposed into national legislation in the EU 27 member states by May 2011, at the latest. Yes, Europe is a slow process!

Viviane Reding, the EU Telecoms Commissioner, however welcomes the agreement: “This internet freedom provision is unprecedented across the globe and a strong signal that the EU takes fundamental rights very seriously, in particular when it comes to the Information Society. … The reform will substantially enhance consumer rights and consumer choice in Europe’s telecoms markets, and add new guarantees to ensure the openness and neutrality of the internet.”

Well at least, it’s clear that French President Nicolas Sarkozy got a big NO/NON/NEE/NEIN on his “three-strikes-laws” also called HADOPI and previously mentioned as the reform clearly states that “any measures taken by Member States regarding access to or use of services and applications through telecoms networks must respect the fundamental rights and freedoms of citizens, as they are guaranteed by the European Convention for the Protection of Human Rights and Fundamental Freedoms and in general principals of EU law… In particular, they must respect the presumption of innocence and the right to privacy.”
This is even more explicitly detailed in Annex 1 and Commissioner Reding confirms on the mater of illegal download of copyrighted content that: “… we need to find new, more modern and more effective ways in Europe to protect intellectual property and artistic creation”.

Well, I at least for once am reassured as the basis of our democracy is assured through the presumption of innocence. Regarding copyright evolution, the battle is not over yet but one might start by reading Jessica Leaman’s Real Copyright Reform from the University of Michigan Law School before anyone else in the world starts having secret Internet copyright talks.

Getting closer to web analytics as I get this question so often about a European standpoint, nothing really new here as the 5th article of the reform deals with Consumer Protection but mainly in the light of personal data breaches and spam, where “… Operators must respond to the responsibility that comes with processing and storing this information. Therefore, the new rules introduce mandatory notifications for personal data breaches…” and this probably mainly applies to ISPs.

Cookies are also mentioned, even though very vaguely, in the context of rules regarding privacy and data protection, which should be strengthened. As such, “internet users will apparently be better informed about cookies and about what happens to their personal data, and they will find it easier to exercise control over their personal information in practice”.
How this could be done and enforced remains to be debated. However, in the light of our sector’s evolution and the recent efforts by most web analytics tools to include an opt-out possibility of measurement, websites owners are well advised to adapt their privacy policies in order to make sure they adequately inform their visitors about what they are tracking and how. As an example, Yahoo! Web Analytics’ privacy policy allows for a simple copy-pasting of a paragraph explaining how data is being tracked and how visitors can opt-out of the tracking. As said, they are not the only tool out there to provide such an option but one has to note that it’s the website owner’s responsibility to actually update their privacy policy and include such a link.

Note that EU member countries have an obligation to transpose European legislation into their national legislation within a limited time, usually 18 months. This does however not mean that national legislation doesn’t go further than the one stated by the EU. An overview of Primary Data Protection laws can be found here. Germany’s Federal Parliament and Council for example passed amendments on the Federal Data Protection Act (BDSG for Bundesdatenschutzgesetz) over the summer and any company seriously using Intranet data on a personal level, under German law, is well advised to make sure they have informed their employees about what they are monitoring and why, as Deutsche Bahn AG sourly found out, settling for 1.1 million €.

The discussion is not over yet as the European Commission is still undergoing a consultation on Personal Data Protection, which is due by the end of the year. For now, let’s just make sure those privacy policies on our client’s websites are up to date, shall we?

I welcome any thoughts on the subject, please don’t hesitate to drop me a line or comment below.

It almost sounds surreal when you think about it: “roast beefs” embracing “frogs’” technology (not pun intended at all, I respect both countries, this is to underline how historically those two wonderful countries have perceived each other) but with the evolution of our industry – Omniture’s acquisition by Adobe and the tireless advancement of free tools such as Google Analytics – one should take note that some European web analytics players are showing viable alternatives.

They’ve been batting and winning, those French, and more specifically AT Internet.

Now, I’m not one to push a vendor over another. After all, when I proclaimed vendor independence some years back, people thought I was crazy!
However, some months ago, when analyzing market penetrations of web analytics tools in Europe’s 27 countries, they already stood out of the crowd, with an almost lock on their home market.
The French have historically been battling with smaller players coming from the audience measurement side – “mesure d’audience”, as they say -, which is still a commonly accepted perspective, and together with an even older historical legacy, the Minitel, web analytics seemed to have had difficulty to really take traction in this country famous for it’s cuisine.

Web Analytics Wednesdays – les mercredis des Web Analytics – organised by Julien Coquet and Nicolas Malo, with over 100 attendees October 14th last and with the launch of Jacques Warren’s book in French regarding Web Analytics- #1 in terms of sales on Amazon.fr in the categories of electronic commerce and management  – co-authored by Nicolas Malo, it looks like the French are really getting their act together. A network of French, Canadian and Belgian bloggers also supported the launch of the book in order to get traction on the market.

And, with the launch of NX or AT Digital Workspace NX as dubbed by them and reviewed by Stéphane Hamel here, my suspicions are confirmed that AT is here to stay and has some interesting features that other vendors might take note of, none least of which server monitoring to make sure that if your conversion rates are suffering, it’s not because your website is slow or basically down! Sounds familiar?
AT is today taking it’s offering seriously beyond French borders, and according to other American contenders on the European market, do a pretty good job at defending their solution during vendor selections.

Now, AT is not the only European vendor out there as mature solutions are also emerging such as in Germany with Webtrekk, offering raw data and real time segmentation, getting traction on a market where privacy is of some importance, possibly hindering penetrations of free tools. And with a multitude of books available in German about Web Analytics, authored by prominent writers such as Marco Hassler, Frank Reese, Udo Möller and Michael Kröhn as well as Timo Aden, Germany is well prepared to adequately serve it’s market and hopefully go beyond as well.

While the French call web analytics more often than not mesure d’audience, the Germans usually dub it Web Performance or Web Controlling, pushing it closer to the financial perspective of digital communication measurement and ROI.

The Dutch of course, have been out there for quite a while with claimed European leader Nedstat on the vendor’s side and one of the most qualitative event dedicated to web analytics, running I think now in it’s 4th year.

Looking more to the east and up North, one should also take note of Finish vendor Snoobi as well as Eastern European based Gemius traffic, which is winning a couple of deals all over Eastern Europe and noticeably in Turkey and Poland, which is after all the 6th biggest Internet population on the European continent after the usual suspects: Germany, the UK, France, Spain and Italy.
While the two latter countries are still battling with competition from tools such as Nielsen’s Netratings – which can’t really be found anywhere else on the continent – one has to note that Spain was lagging behind when it came to web analytics literature in Castilian Spanish. Sergio Maldonado now amends this through the release of “Analitica Web, Medir para Triunfar”.

In the more traditional Shakespearean language, I couldn’t finish this post without mentioning Steven Jackson’s excellent “The Cult of Web Analytics“, which looks at how web analytics is ideally set-up within companies and in my humble opinion a must read for anyone serious about how to implement a long term web analytics strategy. And on the free tools side, Europeans have also substantially contributed to our sector’s literature with Dennis R. Mortensen’s “Yahoo! Web Analytics” book as well as Brian Clifton’s “Advanced Web Metrics with Google Analytics“.

This is what I’ve listed so far as my little European based Web Analytics library. I’d love to hear your thoughts about any other European authored books about our industry that I might have forgotten to mention in Swedish, Danish, Dutch, Italian, Polish, … ? Or any European based vendors that are also pushing on our beloved continent as well as specific terminology related to your market. Don’t hesitate to drop me a line or comment below.

London hosts today a Web Analytics Wednesday on Tuesday at the usual Bluu Morgate, where AT Internet’s NX will be showcased and it’s not too late to participate. I’m sure it will be great event & enjoy!