Select Your Service
Rakuten Affiliate Network
Formerly Rakuten LinkShare
Formerly Rakuten MediaForge
Formerly Rakuten DC Storm
EU Privacy Directive (EU Cookie Law)
Rakuten Marketing Advertisers and Publishers please be aware that the EU has passed what is called the EU Privacy Directive (also referred to as the Cookie Law) that requires disclosure on Websites of what information is collected during the use of the site and to obtain End User consent prior to the placement of cookies on their computers.
Consumer-facing sites are required to obtain consent from end users for placement of cookies (including Rakuten Marketing cookies/tracking devices) on such end users’ computers. Rakuten Marketing Publishers should consult Section 5.5 of the Publisher Membership Agreement for more information and Rakuten Marketing Advertisers should consult their agreements for more information on Advertiser’s responsibilities to this regard.
Frequently Asked Questions
Read the Frequently Asked Questions below to learn more about the EU Privacy Directive, Cookies and the Rakuten Marketing Network.
For Microsoft Internet Explorer: http://support.microsoft.com/kb/196955
For Mozilla Firefox: http://support.mozilla.org/en-US/kb/Cookies
Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=en&answer=95647&p=cpn_cookies
Cookies: Special Notice About This Site
Rakuten Marketing encourages all participants in the Rakuten Marketing Network to provide clear information about cookies.
For more information about the EU Privacy Directive, cookies and Rakuten Marketing read the Frequently Ask Questions document.
How to remove cookies in Internet Explorer 8
1. Exit Internet Explorer 8, and then exit any instances of Windows Explorer.
2. Do one of the following:
- In Windows Vista or Windows 7, click the Start button, type inetcpl.cpl in the Start Search box, and then press ENTER.
- In Windows XP, click Start, click Run, type inetcpl.cpl in the Open box, and then press ENTER.
3. On the General tab, click Settings, and then click View Files.
4. Select the files (cookies) that you want to delete.
- Rakuten Marketing cookies will be associated to the domains:
5. On the File menu, click Delete.
How to remove cookies in FireFox3
1. Click on Tools, then Options
2. Select Privacy
3. Do one of the following:
a. If your Firefox will setting is configured to Remember History, click the remove individual cookies link.
b. If your Firefox will setting is configured to Use custom settings for history, click the Show Cookies button.
4. Select the cookie entry in the list and click on the Remove Cookie button
a. Rakuten Marketing cookies will be associated to the domains:
How to remove cookies in Chrome
1. Click the wrench icon on the browser toolbar.
2. Select Options (Preferences on Mac and Linux; Settings on Chrome OS).
3. Click the Under the Hood tab.
4. Click Content settings in the "Privacy" section.
5. Click the All Cookies and site data… button
6. Select the files (cookies) that you want to delete.
a. Rakuten Marketing cookies will be associated to the domains:
7. Click the X to the right of the cookie name.
How to remove cookies in Safari
1. Click the Action menu icon
2. Select Preferences
3. Select the Security tab
4. Click the Show Cookies button
5. Select the files (cookies) that you want to delete.
a. Rakuten Marketing cookies will be associated to the domains:
6. Click the Remove button - See more here.
Each file normally contains:
- The name of the website server that created the cookie
- The duration of the cookie-how long your browser can use the cookie information to access the website that created the cookie
- A cookie value-this unique information is normally a randomly generated number
The server that created the cookie uses the cookie value to remember you when you come back to the site or navigate from one page to another. Only the server that created the cookie can read and process the cookie. Cookies can expire at the end of a browser session (from when a user opens the browser window to when they exit the browser) or they can be stored for longer.
The Regulations apply to both types of cookies:
Session cookies – allow websites to link the actions of a user during a browser session. They may be used for a variety of purposes such as remembering what a user has put in their shopping basket as they browse around a site. They could also be used for security when a user is accessing internet banking or to facilitate use of web mail. These session cookies expire after a browser session so would not be stored longer term. For this reason session cookies may sometimes be considered less privacy intrusive than persistent cookies.
Persistent cookies – are stored on a user's device in between browser sessions which allows the preferences or actions of the user across a site (or in some cases across different websites) to be remembered. Persistent cookies may be used for a variety of purposes including remembering users’ preferences and choices when using a site or to target advertising.
First and third party cookies – Whether a cookie is ‘first’ or ‘third’ party refers to the website or domain placing the cookie. First party cookies in basic terms are cookies set by a website visited by the user - the website displayed in the URL window. Third party cookies are cookies that are set by a domain other than the one being visited by the user. If a user visits a website and a separate company sets a cookie through that website this would be a third party cookie.
What is the EU Privacy Directive (EU Cookie Law)?
The Privacy and Communications (EC Directive)(Amendment) Regulations 2011 (UK Regulations) was recently amended on May 26, 2011 and the relevant rules are found in amended regulation 6, which reads as follows: 6. - (1) Subject to paragraph (4), a person shall not store or gain information, or to gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met. (2) The requirements are that the subscriber or user of that terminal equipment - (a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and (b) has given his or her consent. (3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use. (3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or program to signify consent. (4) Paragraph (1) shall not apply to the technical storage of, or access to, information - (a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or (b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user. Note that the previous rule on using cookies for storing information required a site to: · tell people how the site used cookies; and · tell them how they could ‘opt out’ if they object. Many websites did this by putting information about cookies in their privacy policies and giving people the possibility of ‘opting out’. The new requirement is essentially that cookies can only be placed on machines where the user or subscriber has given their prior consent.
When does the EU Cookie Law go into effect?
The new regulation went into effect on May 26, 2011. Organizations need to take action to comply by no later than May 26, 2012.
What is consent?
Consent from the user or subscriber: The Regulations state that consent for a cookie should be obtained from the subscriber or user. The subscriber means the person who pays the bill for the use of the line. The user is the person using the computer or other device to access a website. In practice the owner of a website may well not be able to distinguish between consent provided by the subscriber or the user. The key then is that valid consent has been provided by one of the parties. The Regulations do not specify whose wishes should take precedence if they are different. Other references in the legislation to a subscriber’s ability to make decisions in this area, such as around browser settings, might suggest the subscriber’s indications may in the first instance take priority. There may well be cases where a subscriber, for example, an employer, provides an employee with a terminal at work along with access to certain services to carry out a particular task, where to effectively complete the task depends on using a cookie type device. In these cases, it would not seem unreasonable for the employer’s wishes to take precedence. There are other areas of the legislation, around browser settings where the subscriber clearly has the ability to make a decision on behalf of any users. However, there will be circumstances where a user’s wish should take precedence. To continue the above example, an employer’s wish to accept such a device should not take precedence where this will involve the unwarranted collection of personal data of that employee.
- Pop ups and similar techniques: This might initially seem an easy option to achieve compliance – you are asking someone directly if they agree to you putting something on their computer and if they click yes, you have their consent, but it’s also one which might well spoil the experience of using a website if you use several cookies. However, you might still consider gaining consent in this way if you think it will make the position absolutely clear for you and your users. Many websites routinely and regularly use pop ups or ‘splash pages’ to make users aware of changes to the site or to ask for user feedback. Similar techniques could, if designed well enough, be a useful way of informing users of the techniques you use and the choices they have. It is important to remember though that gaining consent in this potentially frustrating way is not the only option.
- Settings-led consent: Some cookies are deployed when a user makes a choice about how the site works for them. In these cases, consent could be gained as part of the process by which the user confirms what they want to do or how they want the site to work. For example, some websites ‘remember’ which version a user wants to access such as version of a site in a particular language. If this feature is enabled by the storage of a cookie, then you could explain this to the user and that it will mean you won’t ask them every time they visit the site. You can explain to them that by allowing you to remember their choice they are giving you consent to set the cookie. This would apply to any feature where you tell the user that you can remember certain settings they have chosen. It might be the size of the text they want to have displayed, the color scheme they like or even the ‘personalized greeting’ they see each time they visit the site.
- Functional uses: Collecting information about how people use a site, for example, which pages they visit on a website still requires consent. The ICO suggests a solution of footer/header text that becomes highlighted when a cookie is going to be set. This seems to be the approach the ICO has adopted for its own website which can be viewed here:
Does the consent rule apply to every type of cookie?
According to All About Cookies (located at http://www.allaboutcookies.org/privacy-concerns/new-european-laws.html), which acts as a free Cookie resource providing the latest information in response to the Information Commissioners Office press issue, the only exception to EU Cookie Law is if what you are doing is ‘strictly necessary’ for a service requested by the user. This exception needs to be interpreted quite narrowly because the use of the phrase “strictly necessary” means its application has to be limited to a small range of activities and because your use of the cookie must be related to the service requested by the user. Indeed, the relevant recital in the Directive on which these Regulations are based refers to services “explicitly requested” by the user. As a result our interpretation of this exception therefore has to bear in mind the narrowing effect of the word “explicitly”. The exception would not apply, for example, just because you have decided that your website is more attractive if you remember users’ preferences or if you decide to use a cookie to collect statistical information about the use of your website.
We do not believe that the use of Rakuten Marketing cookies by a Publisher in the tracking process qualifies for this exception to the rule discussed above. In our view, Rakuten Marketing cookies are set at the request of Publishers so that an End User may be tracked to an Advertiser site and so that Publisher is paid a commission for referring that End User to the Advertiser site if said End User purchases a product/service on the Advertiser’s site.
How can you disable/enable cookies?
As a Publisher, do I have any obligations to obtain consumer consent?
We recently amended of Section 5.5 of our online Publisher Membership Agreement, as follows:
As an Advertiser, do we have any obligations under the EU Cookie Law?
Yes, all websites have an obligation under the EU Cookie Law to disclose what information is collected and to obtain End User consent prior to the placement of cookies on their computers.
What if I fail to obtain End User’s consent to embody cookies (including Rakuten Marketing tracking cookies) on their computer?
A maximum penalty of £500,000 pounds can be imposed. Rakuten Marketing reserves the right to conduct random site checks of Publisher site to ensure compliance with the Publisher’s contractual obligations outlined in Section 5.5 of the Publisher Membership Agreement. In the event that Rakuten Marketing discovers that your site is non-compliant, Rakuten Marketing reserves the right to suspend your access to the Network and/or terminate your participation in the Network.