From User Generated Content to Cookies: A guide to ensuring privacy in digital marketing

UGC, or user-generated content, and cookies are two important components in the digital world that are affecting how we interact with websites and social media. Both UGC and cookies play a central role in how companies engage with their customers online, but they also entail certain legal challenges.

What is User Generated Content (UGC)?

UGC is content that is created and shared by users on digital platforms, such as social media, blogs and forums. It can include text, images, videos and reviews. UGC is a powerful marketing resource as it is based on authentic user experiences and can increase engagement and confidence in the brand.

Rights challenges

Companies that use UGC must ensure that they have rights to use the material. Copyright always belongs to the creator of the content, and using it requires consent, which usually takes place through a licence. It is also important to respect the creator's moral rights.

Identifying who has actually created the material can be difficult, as it is not always the person who published it. If several persons have contributed to the creation, they own the copyright collectively, and an agreement must be entered into with all rights holders.

Agreements with creators should regulate usage rights and the possibility to edit the material. It is also important to agree on compensation, as the Act on Copyright in Literary and Artistic Works (1960:729) contains mandatory rules regarding right to reasonable compensation for creators.

If the material contains images or names of persons, rules regarding likeness and the Act on Names and Images in Advertising (1978:800) must also be taken into account. Consent from the persons concerned is necessary to use such material.

Privacy challenges and GDPR

Processing personal data legally under GDPR requires a legal basis. The most relevant bases for UGC are consent, balance of interest and fulfilment of contract.

  • Consent: Must be voluntary, specific, informed and provided through an unambiguous declaration of intent. It is also important to document the consent. Those who have given a consent always have the right to withdraw it, and it must be as easy to withdraw a consent as to give it.

  • Balance of interest: Requires that there is a legitimate interest, that the processing is necessary to satisfy the legitimate interest and that the registered interests do not outweigh it.

  • Fulfilment of contract: Used when the processing is necessary to fulfil a contract with the UGC creator. This legal basis can only be used when the person whose personal data appears in the material is the same as entered into the contract.

The legal basis on which it is suitable to base the processing of personal data depends on the circumstances, for example, which type of UGC it is and how it shall be used in the marketing.

In order to manage UGC in a way that ensures privacy, companies should have clear policies and procedures for obtaining and documenting consent and balancing interests.

Information on how the personal data is processed must be provided to the persons whose personal data appear in the material. Regular deletion of personal data is also necessary in order to comply with the principle of storage minimisation.

Practical advice for use of UGC

  • Ensure that you have consent to use the material from the UGC creator, and that the conditions for use are clear for both parties.

  • Create a clear policy and procedures for entering into license agreements, which material is suitable to use and for processing of personal data.

  • Avoid material where there is a greater risk of infringing another party's rights or where there are several co-creators.

  • Document balances of interest and have a method for obtaining and withdrawing consent.

  • Regular deletion; personal data may not be stored for longer than necessary.

Challenges in B2B

UGC does not always need to derive from consumers; it can also be created by companies and collaborative partners. These cases often require a more extensive consent, as other rights, such as company name and brand, can be involved. There can also be underlying collaboration agreements that regulate similar issues.

It is important to remember that the requirements in relation to GDPR and the Act on Names and Images in Advertising also apply in these contexts. When it comes to processing of employees' personal data, consent is not usually a suitable legal basis, as it can be questioned whether the consent in an employment relationship really is voluntary.

Cookies and privacy protection

Cookies are small text files that are placed on a user's device when they visit a website. They are used to improve the user experience by saving login details, adapting content and analysing user behaviour for marketing purposes. According to the Electronic Communications Act, the user's consent is required for non-necessary cookies. Users must be informed of, among other things, which cookies are used, their purposes and storage time. Furthermore, the users must have the option at any time of withdrawing their consent.

Practical advice for cookies

  • Use a clear cookie banner where the user can reject non-necessary cookies and obtain information about which categories of cookies are used.

  • Provide a cookie policy that describes the use of cookies, their purposes and how long the information is stored.

  • Ensure that the users can withdraw their consent at any time.

Contact us for expert support

Managing UGC and cookies entails a constant balance between minimising legal risks and maintaining practical feasibility in your operations. At Advokatfirman Lindahl, we have experience in managing these challenges and we offer tailored solutions that help you to navigate these issues.

Our services include:

  • Strategic advice: We work in close proximity to you in order to develop strategies that do not just meet legal requirements, but also support your business objectives. We help you to find the right balance between risk management and operational effectiveness.

  • Policy development and implementation: With our help, you can create and implement policies and procedures that are both legally sustainable and practically feasible, ensuring that you can act swiftly and effectively in a changing digital environment.

  • Compliance assessment: We offer an extensive review of your existing processes to ensure that they are in line with current requirements, including GDPR and the Electronic Communications Act, without compromising your business's flexibility.

Have us assist you in navigating these complex issues with a solution that is both secure and practically feasible. Contact us to discuss how we can support you in achieving secure privacy and compliant digital marketing.

Intellectual property

Lindahl is one of Sweden’s leading legal advisors on intellectual property law and is highly ranked by international ranking institutions. Our experts offer high-quality advice in the field of intellectual property law.

Visit page

Related

Contact

Some cookies are essential, others help us improve your experience by providing insights into how the site is used. For more information, please visit our Cookie Policy.

Essential Cookies

These cookies are necessary for the functionality of the site and cannot be disabled.

Analytics Cookies>

We use Analytics cookies to collect information that gives us insight into how our website is being used. We anonymize IP addresses in Google Analytics. By clicking on Decline we won't save theese cookies.

Decline
We use cookies to get insights on how our site is used and give our visitors the best possible experience