🇪🇺 European Union Compliance

Digital Marketing Compliance

Comprehensive guide to EU regulations for digital marketing, analytics, cookies, email marketing, and online advertising

Why Marketing Compliance Matters

The European Union has established strict regulations governing digital marketing to protect consumer privacy, ensure transparency, and prevent unfair commercial practices. These rules apply to email marketing, online advertising, cookies, analytics, and social media marketing.

Entercom Digital Agency ensures all marketing campaigns comply with EU regulations, protecting both our clients from regulatory penalties and consumers from privacy violations.

1. ePrivacy Directive (Cookie Law)

Privacy & Electronic Communications

Directive: Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (ePrivacy Directive)

Amendment: Directive 2009/136/EC (Cookie Law Amendment)

Cookie Consent Requirements

🍪 Core Principle: Prior Informed Consent

Article 5(3) ePrivacy Directive: "The storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent."

Translation: You must get user permission before placing cookies (except strictly necessary ones).

Consent Required

These cookies require explicit consent before use:

  • Analytics cookies (Google Analytics, Matomo)
  • Marketing cookies (Facebook Pixel, Google Ads)
  • Tracking cookies (retargeting, behavioral advertising)
  • Social media cookies (share buttons, embedded content)
  • Preference cookies (language, theme - non-essential)

⚠️ Prohibited Actions:

  • Pre-ticked consent boxes
  • Cookie walls (blocking access until consent)
  • Loading cookies before consent
  • Bundled consent (must be granular)

No Consent Needed

Strictly necessary cookies are exempt from the consent requirement:

  • Authentication (login sessions)
  • Shopping cart (e-commerce functionality)
  • Security (CSRF tokens, fraud prevention)
  • Load balancing (server distribution)
  • UI customization (essential to service)

✓ Condition:

Must be technically necessary for the service explicitly requested by the user. Cannot be used for other purposes (analytics, marketing).

Valid Consent Criteria (EDPB Guidelines)

EDPB Guidelines 05/2020 on consent under Regulation 2016/679 apply to cookie consent under the ePrivacy Directive.

1. Freely Given

Users must have genuine choice without detriment.

  • No cookie walls (Planet49 case C-673/17)
  • Separate consent for each purpose
  • No imbalance of power (employer/employee)

2. Specific

Granular consent for each purpose and data controller.

  • Separate toggles for analytics vs marketing
  • Specific purpose descriptions
  • No bundled consent for unrelated purposes

3. Informed

Clear, plain language information provided.

  • Controller identity disclosed
  • Purpose of each cookie category explained
  • Right to withdraw consent anytime
  • Link to full cookie policy

4. Unambiguous Indication

Clear affirmative action required.

  • Opt-in only (not opt-out)
  • No pre-ticked boxes
  • No implied consent from inactivity
  • Active button click required

🍪 Entercom's Cookie Consent System:

✅ Banner Before Page Load

Cookie consent banner appears before any non-essential cookies are set.

✅ Granular Controls

Separate toggles for Analytics, Marketing, and Functionality categories.

✅ "Reject All" Equally Prominent

Reject button given equal visual weight to Accept (no dark patterns).

✅ Easy Withdrawal

Cookie settings accessible from footer on every page.

📋 Implementation Available:

View our cookie consent implementation at /cookie-policy

2. GDPR Rules for Marketing Communications

Email Marketing & Direct Marketing Rules

Regulation: Regulation (EU) 2016/679 (GDPR) - Articles 6, 7, 13, 14, 21

Legal Basis for Marketing Communications

1. Consent (Article 6(1)(a))

Most Common for Marketing: User explicitly agrees to receive marketing communications.

Requirements:

  • Opt-in (not pre-ticked boxes)
  • Separate from other terms & conditions
  • Specific for marketing purpose
  • Granular (email separate from SMS)
  • Easily withdrawable anytime

✅ Best for:

New customers, newsletter signups, promotional emails, cold outreach (B2C)

2. Legitimate Interest (Article 6(1)(f))

Limited Use: Marketing to existing customers for similar products/services (soft opt-in).

Conditions:

  • Existing customer relationship
  • Similar products/services only
  • Easy opt-out in every message
  • Balancing test conducted (LIA)
  • Documented legitimate interest

⚠️ Caution:

Not suitable for cold outreach, sensitive data, or when consent is clearly more appropriate. Must respect objections (opt-outs).

Email Marketing Compliance Checklist

📝 Before Sending

  • ✅ Valid consent or legitimate interest
  • ✅ Clear opt-in confirmation (double opt-in recommended)
  • ✅ Documented consent records
  • ✅ Privacy policy link provided at signup
  • ✅ Purpose of marketing clearly stated

📧 In Every Email

  • ✅ Sender identity clearly identified
  • ✅ Subject line not misleading
  • ✅ Easy-to-find unsubscribe link
  • ✅ Physical address included
  • ✅ Honors opt-outs within 30 days (preferably immediately)

🔒 Data Protection

  • ✅ Secure storage of email lists
  • ✅ Access controls and encryption
  • ✅ Regular list cleaning (inactive subscribers)
  • ✅ No sharing lists without consent
  • ✅ Processor agreements with email providers

🗂️ Record Keeping

  • ✅ Consent timestamps and sources
  • ✅ Opt-out records maintained
  • ✅ Suppression list (do-not-contact)
  • ✅ Marketing preference center
  • ✅ Audit trail for compliance

3. Digital Services Act (DSA) - Online Advertising

Transparency & Accountability in Online Advertising

Regulation: Regulation (EU) 2022/2065 on a Single Market for Digital Services (Digital Services Act)

Application: February 17, 2024 (all businesses) | August 25, 2023 (very large platforms)

Online Advertising Requirements (Article 26)

Mandatory Disclosures for Every Advertisement:

1. Clear Ad Labeling

Advertisement must be clearly identifiable as such in a clear, concise, and unambiguous manner.

Example: "Sponsored", "Ad", "Promoted" labels prominently displayed

2. Advertiser Identity

Name of the natural or legal person on whose behalf the advertisement is presented.

Example: "By [Company Name]" or "Sponsored by [Brand]"

3. Targeting Criteria Disclosure

Meaningful information about the main parameters used to determine the recipient.

Example: "This ad is shown because you are in [Location]" or "Based on your interests in [Category]"

4. How to Change Targeting Parameters

Information on how recipients can modify the parameters used for targeting.

Example: Link to ad settings or preference center

🚫 Prohibited Targeting Practices

❌ Targeting Minors (Article 28)

Online platforms shall not present advertisements based on profiling of minors using their personal data.

❌ Special Category Data (Article 26(3))

No targeting based on sensitive personal data: racial/ethnic origin, political opinions, religious beliefs, health data, sexual orientation.

❌ Dark Patterns (Article 25)

Interfaces must not deceive or manipulate users through design choices that subvert or impair user autonomy.

📊 Additional Requirements for Very Large Online Platforms (VLOPs)

Platforms with ≥45 million average monthly active users in the EU have additional obligations:

📂 Public Ad Repository (Article 39)

Maintain searchable database of all ads displayed, including targeting criteria and impressions.

🔍 Systemic Risk Assessments (Article 34)

Annual risk assessments of advertising systems for illegal content amplification.

🛡️ Risk Mitigation Measures (Article 35)

Implement measures to mitigate identified risks from advertising systems.

📊 Data Access for Researchers (Article 40)

Provide vetted researchers access to advertising data for public interest research.

4. Consumer Rights & Unfair Commercial Practices

Consumer Rights Directive

Directive 2011/83/EU on consumer rights

Key Marketing Obligations:

  • Pre-contractual information requirements
  • 14-day withdrawal right for distance contracts
  • Clear pricing (including all taxes & fees)
  • No hidden costs during checkout
  • Clear communication of contract terms

Unfair Commercial Practices

Directive 2005/29/EC concerning unfair business-to-consumer commercial practices

Prohibited Practices:

  • Misleading actions (false information)
  • Misleading omissions (hiding material info)
  • Aggressive practices (harassment, coercion)
  • Bait advertising (unavailable offers)
  • False urgency claims ("only 2 left")

5. Platform-to-Business (P2B) Regulation

Fairness & Transparency for Business Users

Regulation: Regulation (EU) 2019/1150 on promoting fairness and transparency for business users of online intermediation services

Applies to: Online marketplaces, app stores, search engines, social media advertising platforms

Key Transparency Requirements (Article 5):

📊 Ranking Parameters Disclosure

Explain main parameters determining ranking of business users' offers in search results and their relative importance.

🎯 Differentiated Treatment

Disclose any differentiated treatment of own goods/services vs business users' offerings.

💰 Paid Ranking Influence

Explain how direct or indirect payment affects ranking (sponsored vs organic results).

6. Entercom's Marketing Compliance Framework

Privacy-First Marketing Solutions

At Entercom Digital Agency, we believe effective marketing and privacy protection go hand-in-hand. Our marketing services are designed from the ground up to comply with EU regulations while delivering measurable results for our clients.

🍪 Compliant Cookie Management

  • Cookie consent banners (EDPB-compliant)
  • Granular preference centers
  • Consent management platforms
  • Cookie audit and documentation

📧 Email Marketing Setup

  • Double opt-in implementation
  • GDPR-compliant signup forms
  • Automated consent records
  • Preference center development

📊 Privacy-Respecting Analytics

  • Server-side tracking setup
  • Cookieless analytics options
  • Data anonymization techniques
  • EU-hosted analytics solutions

Launch Compliant Marketing Campaigns

Let us help you build marketing campaigns that drive results while respecting user privacy and complying with all EU regulations.