Say this in a Scots accent..BT has the Premier League rights, ESPN Disney

So, the news that BT has outbid ESPN for two packages of live Premier League rights was not only a shock, but it has got the most ardent meeja pundit reaching for the soccer hyperbole book. ‘It’s sent tremors through the industry, Trevor’, ‘The Mickey Mouse Clubhouse has tumbled down, Clive’.

Whilst most of us had our eyes to Doha for an assault on Sky’s monopoly, we didn’t see the local hero rise to the challenge. As my mum always said…watch out for the quiet ones.

BT have kept themselves well below the radar when it comes to assaulting content rights. Sure, they were in the market a few years ago when they shared delayed Premier League rights with Sky. But since then the geeks at the telephone exchange have insisted they were more concerned with offering us 5x faster broadband than pictures of Ashley Young falling 5x faster than anyone else on a soccer pitch.

To be fair, wiser men than me predicted an onslaught by the geeks. Whilst most were talking about al-Jazeera, a former colleague of mine, Gary Andrews (@gaftbl on Twitter) was predicting a possible bid by Google or Apple in ‘When Saturday Comes’magazine.

Whilst it was not those specific companies this time, the bid by BT is a clear indication that technology companies have recognised the power of content to drive technology sales – which can only be good news for other football rights holders.

Yes, a few years ago, rights holders gave up on the geeks and started handing over online rights to broadcasters as an added extra, after a failure to monetise them properly. BT has set a marker that these rights have value on digital platforms.

All the talk coming out of Telecom Tower about this deal is how their new Infinity fibre optic system allows them to do ‘more with the pictures from Premiership games’. For them, unlike Setanta and ESPN, it’s not about how much money it will cost to be on a Sky box because BT doesn’t need Sky.

Everyone has a telephone line capable of receiving a BT Vision signal…not everyone can receive Sky. This rights deal could do more long term damage to Sky’s monopoly than the Labour Party has dreamed of doing in 20 years!

And what of poor old ESPN? A network which, to be fair, made a real effort to be a serious sports player in the UK. It successfully shunned its reputation of ‘Yanks talking Soccerball’ and made a serious commitment to quality sports journalism in the UK.

Can it really survive without live coverage of the biggest league in the UK? If it goes, what will that mean for the SPL and English Premiership Rugby, which relies on the eyeballs the EPL brings to those sports?

Whilst they re-write the business plan for ESPN in Hammersmith, BT would do well to go over there with a bottle of bolly and pick their brains. For ESPN has laid the foundations for how BT can break the Sky monopoly and really offer an alternative to the football fans of the UK.

 

Not Taking the Biscuit – Cookie Regulations Explained

Saturday 26th May 2012 saw the end of the year moratorium on the enforcement of the e-Privacy Directive (better known as the cookie regulations) which came into law on 26 May 2011. This blog sets out what the new regulations in relation to cookies are and what you need to do. Cookies are not the only tracking device (cookies account for about 60% of tracking activity) that the regulations encompass, but the blog focuses on their application to cookies as the requirements for other tracking activities is much the same.

Background

A cookie is a small data file that is placed onto a user’s internet enabled device (e.g. computer, mobile and tablet) which collects data this extends to include mobile applications. They are used to analyse (or track) user behaviour and to help improve the user experience while on the website. Some cookies are necessary for the website to function e.g. purchase path cookies, which remember what items a user has selected to purchase.  Prior to the implementation of the new regulations there was an opt-out process under which a user was deemed to have consented to the use of cookies unless they indicated otherwise.

e-Privacy Directive

The new regulations reverse this opt-out standpoint to an opt-in one. It is therefore necessary for a website to gain consent from user prior to the placing of cookies (barring the ‘strictly necessary’ exemption discussed below).  The user should be informed about:

  1. What information is to be collected;
  2. What the website is going to do with that information;
  3. Who is the information going to be shared with;
  4. Will the collected information identify the individual user;
  5. How long will the cookie remain on their device; and
  6. How can they disable the cookies.

A common question I am asked is do I have to seek consent for all cookies, and the answer is no where the cookie is strictly necessary consent is not required.

Strictly necessary?

  •      Purchase path cookies (discussed above);
  •      Security cookies (e.g. those necessary to comply with certain legislative requirements); and
  •     Operational cookies (e.g. ensure the website loads quickly).

The definition does not stretch to cover analysing or tracking cookies (both first and third party) or to recognition cookies (e.g. personalised greeting and personal preferences) and therefore the website must obtain user consent prior to their use.

Most websites will use more than one type of cookie. However separate consent does not need to be obtained for each different type of cookie and one ‘blanket’ consent is sufficient.  Where there are a series of connected websites the user can grant consent to the use of cookies across all the connected websites at one time.  The important aspect in both situations is that the user has given the necessary information about all of the cookies prior to the consent being given.

In practical terms what do I have to do?

Step 1: The website owner should undertake, if they have not already, a cookie audit (your website developer should be able to assist) to understand what cookies are being used on the site and to collate the information that needs to be given to the user.

Step 2: You should determine whether you are going to seek express consent or rely upon implied consent.  Under the latest guidance from the regulator (the Information Commissioners Office (“ICO”)) implied consent can be sufficient despite earlier guidance that suggested otherwise. Obtaining express consent will give the website owner greater certainty that the website is compliant but (depending upon the method used to obtain the express consent) may result in a lower user experience.

Step 3: The user’s attention needs to be drawn to the necessary information prior to consent being given.  There are a number of ways in which this can be achieved, the most common is likely to be to place the necessary information, in an easy to understand form, in a cookie policy (which usually forms part of the website’s privacy policy).  The website homepage should then have a banner or pop up that draws the user’s attention to the existence of the cookie policy.  Websites should not place reliance on a difficult to find cookie (or privacy) policy where there is no clear and prominent link as such a method of obtaining consent is unlikely to be sufficient to ensure compliance with the regulations.

So what do suitable options look like?

There are a number of different methods that are being used to draw the user’s attention to the necessary information. While it is anticipated that in the future the reliance upon the user’s browser settings may be suitable this method of obtaining consent should not be relied upon at present as the browsers being used by many are not yet sophisticated enough.  In addition the ‘normal’ users understanding of the cookie function on their browser is insufficient enough to enable a website to deemed implied consent to their use of cookies.

Terms and conditions

Where a site requires a user to sign up to terms and conditions prior to their use of the site (or part of the site) then the use of terms and conditions may be an acceptable option.  The user’s attention would still need to be drawn to the relevant cookie information and this may be possible by a separate tick box that says that the website will be placing cookies.

Static pop-up

A second option is shown on The Financial Times website you have chosen to use a static ‘pop-up’ which is displayed when the user (first) accesses the website. The pop-up contains direct links to the cookie policy. The user is unable to access any of the articles on the website until they have clicked off the pop-up, which relies upon implied consent. The negative aspect of choosing this solution is that the user experience and visual look of the website is lowered as the user cannot use the website until they have clicked off the pop-up.

Banner

A third option is that chosen by the ICO themselves, and it involves the use of a static banner across the top of the website until such time as the user has acknowledged the presence of the cookies. As with the FT.com option it provides the user a direct link to the cookie policy.  It can be used to obtain either express or implied consent (i.e. click to accept, or your continued use of this website indicates your acceptance to our cookie policy etc.).  An advantage of this option is that the user experiences is not interrupted it will affect the layout of the website and decrease the aesthetic appeal of the website.

Based outside of the UK?

I have also been asked whether websites that are based outside the UK need to comply with the regulations. The answer to this is yes, firstly the regulations (in slightly different guises) will be implemented across all the 27 EU member states. Secondly even where the site is located outside of the EU it is the location of the user that is paramount (albeit that enforcement of any breach will be more difficult) and therefore the website must be compliant.

Enforcement

The guidance from ICO is that they are not likely to be strongly enforcing the new regulations in the coming months.  They will act upon complaints of infringing websites by users opposed to be actively seeking out non-compliant websites.  The punishments available to the ICO include a maximum fine of up to £500,000 (although they have said they are unlikely to issue a fine except in extreme circumstances), negative publicity, compliance notices and undertakings from the website.  The ICO’s aim is that websites are compliant or making steps to achieve compliance and will seek to encourage infringing websites to fix issues opposing to financial punishing them.

Conclusion

The requirements under the new regulations have been noticeable watered down since they were first proposed. Websites should be ensuring that where they are non-compliant that steps are being taken to change the layout of their website to provide the user with the necessary information. While the potential financial penalties are substantial many commentators do not believe that they will be used in regards to cookie infringements with enforcement notices a much more likely outcome. The implementation of a suitable cookie and privacy policy is of paramount importance for all websites.

For further details please contact me at iain.taker@kemplittle.com or on Twitter @iaintaker

This blog was written by Iain Taker who is a qualified lawyer with Kemp Little and who specialises in Commerical, Technology and Sports law and is a registered lawyer under the FA Football Agency Regulations.