Wednesday 13 April 2011

Do not track: the online privacy debate







25th May 2011 is a red-letter day for anyone based in Europe working in marketing. It's the day when the new EU cookies law comes into effect. The Privacy and Electronic Communications Directive will introduce a general rule of opt-in for the use of cookies on websites - currently visitors have to opt-out.

THE LEGAL DIRECTIVE

How to implement the opt-in will be left to individual member countries to define. This could range from something as soft as including it in your site privacy policy to an explicit alert on entry to your site, specifying what cookies you use and what data you collect, with an "accept" button. It's a safe bet that Germany will opt for the most explicit option, given their historic concerns over data and privacy. The nature of the notice will also depend on the type of data collected.

Whilst it is accepted in the UK that it will be difficult to implement and enforce anything overnight, as the details are still not defined, James Milligan, legal and public affairs advisor at the Direct Marketing Association, suggests the following actions now:

"Conduct an audit of all cookies to identify the different types and to remove any obsolete ones. Then you can start thinking about whether you are going to use terms and conditions of purchase or a privacy policy to obtain consent and whether it’s permissible. For example, you may need express consent for the use of cookies if you’re collecting sensitive personal data."
He explains that different types of cookies will have different categorisations, needing different types of consent:
"The new legislation classifies different types of cookies. Some, such as those used for online banking and purchasing, are classified as 'necessary for the provision of service'. This means that organisations may continue to use them, but they have to explain to consumers why they’re using them. There are a number of ways of obtaining consent for these sorts of cookies. You could add them to the terms and conditions, if you’re offering an online banking service.
Third-party cookies are another matter. These are useful to the organisation using them but are particularly intrusive from the consumer’s point of view. Typically, organisations use them to track the user’s movements on its websites and external ones and deliver advertisements based on this journey, also known as online behavioural advertising (OBA). The new law will require organisations to get consent for such cookies and make people fully aware of how the cookie will work, in plain, simple terms that they can understand."

THE TECHNICAL RESPONSE

The browser manufacturers have responded to the privacy issue in their new releases this year, the most prominent of which have been Microsoft's IE9 and Firefox 4.

Both have included a "do not track" feature. This is a global option which transmits special information with every page request, telling the site that the user does not want to be tracked. However, this relies on a standard being developed and adhered to, in which site developers include code to recognise and respect the request. Whilst the World Wide Web Consortium (W3C) has accepted and published Microsoft's member submission for standardized privacy features, this approach will rely on self-regulation and a slow roll-out of the standard.
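What "code to recognise and respect the request" can look like on the server, as an added example that is not from the original post. It assumes the signal arrives as the `DNT: 1` request header; the cookie names, the `cookie_consent` marker and the two categories are hypothetical.

```javascript
// Added example: cookie names, values and categories are constructed.
// An audit classifies each cookie as "necessary" (needed to provide the
// service) or "tracking" (behavioural advertising).
const SITE_COOKIES = [
  { name: "session_id", value: "constructed-session", category: "necessary" },
  { name: "basket", value: "constructed-basket", category: "necessary" },
  { name: "oba_profile", value: "constructed-profile", category: "tracking" },
];

// Header names are case-insensitive, so match on the lower-cased key.
function headerValue(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  const raw = key === undefined ? undefined : headers[key];
  return Array.isArray(raw) ? raw[0] : raw;
}

// Parse a Cookie request header ("a=1; b=2") into an object.
function parseCookies(header) {
  const jar = {};
  for (const part of String(header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) jar[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return jar;
}

// Decide which Set-Cookie headers this response may carry.
// Tracking cookies need an explicit opt-in, and DNT: 1 always overrides it.
function cookiesToSet(headers) {
  const dnt = String(headerValue(headers, "dnt") ?? "").trim() === "1";
  const jar = parseCookies(headerValue(headers, "cookie"));
  const consent = jar.cookie_consent === "accepted";
  const allowTracking = consent && !dnt;
  return SITE_COOKIES
    .filter((c) => c.category === "necessary" || allowTracking)
    .map((c) => `${c.name}=${c.value}; Path=/; Secure; HttpOnly`);
}
```

The same decision has to be applied wherever tracking happens (tag loading, ad calls, logging), not only where cookies are set.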

IE9 also includes a filter list - "tracking preference list".  This enables users to grow a list of sites they don't want to be tracked by, as well as building a "white list" of sites they are OK with.

THE REALITY

So how will we react to all these new-found privacy rights?

Well, both of the do not track functions provided by the manufacturers are very buried in the browser options. I remember Jakob Nielsen advising that the only bits of a browser you could safely rely on people knowing how to use were the back button and the scroll bar. And, in fact, users have always had the option to switch things like JavaScript off if they are concerned about privacy and security, but the reality has been that very few people actually do, despite most research saying that we all care deeply about it.

This was quantified last year by a developer at Yahoo who analysed their visitor traffic to identify the percentage who actually bothered to switch JavaScript off. Here's a graph of his findings; you can read his full analysis here.




And how will marketers respond?

We will begin to see notices on entrance to sites, stating their use of cookies, data collected and providing a button to "accept" and add to your tracking preference list. Less scrupulous sites will probably start to incentivise the accept option, rolling it into an entry for a competition etc. The more technically minded will start to look for work-arounds.

However, the politicians are already beginning to back-pedal as the complexity and difficulty of enforcing any of this become apparent. There seems to be a good deal of "wait and see". The introduction of the browser functions appears to be appeasing many.

So, in short, the answer to the debate is to give people more of the same options, deeply hidden in their browser configuration, which the majority of us will ignore.

My favourite comment so far on developments comes from Calc Yolatah, a member of the BetaNews Community
"Microsoft benchmark of innovation: Ignore Rugby; Invent American Football; Hide the rulebook."

4 comments:

Unknown said...

There are basically four massive issues with this:

The cost of adding\developing this functionality for all websites within the EU.

This will make all EU sites much less user friendly.

OBA will be shot giving users more generic and "offensive" adverts again leading to a decrease in sales for EU businesses.

If we cannot store data in people's browsers then this must be stored in databases which will obviously take up space and time again costing more.

This all comes down to a fundamental lack of understanding by users and the EU legislatures about what a cookie is. Every time you sign into any site from the 25th of May are we seriously going to need a popup stating:

"your details are being stored in a cookie or a session for the duration of your visit blaa blaa blaa".

http://www.davidnaylor.co.uk/eu-cookies-directive-interactive-guide-to-25th-may-and-what-it-means-for-you.html is a great follow up article on this.

Kevin Mason said...

Follow the david naylor link from Mike above - very funny...

Kevin Mason said...

...oh, and BTW, I forgot to quote what Ed Vaizey, the Minister for Culture, Communications and the Creative Industries (and the cookie directive) has said about enforcement:

“We recognise that work will not be complete by the implementation deadline. The government is clear that it will take time for meaningful solutions to be developed, evaluated and rolled out.

We recognise this could cause uncertainty for businesses and consumers. Therefore we do not expect the ICO to take enforcement action in the short term against businesses and organisations as they work out how to address their use of cookies.”

Kevin Mason said...

The IAB have launched an initiative to include an icon denoting behavioral targeting in banners, with a click through to manage your preferences. More information here:

http://www.brandrepublic.com/bulletin/brandrepublicnewsbulletin/article/1065528/behavioural-ads-europe-flagged-icon/
