#Cookielaw: Don’t Do Nothing
So there it is, our 11th hour reprieve really did come at the 11th hour. Or 8771st hour if you account for the fact that it was already a year late. But the good news is, it did come. Once the anti-ICO wrath has calmed down i think a lot of us will look deep inside and say "ok, ok, this is exactly what i thought would happen". This time they really tested our belief in common sense prevailing.
Cookies in the chair
Now I know this directive is much wider than the intricacies surrounding cookies and web analytics. However the crux of the debate for many (most?) analysts and site owners surrounded why anonymous web analytics cookies were included in the directive at all. And why the language lacked any technical distinction between different cookie types (apart from to point out that they are all included).
So it was with huge relief that we read the latest update on Friday which effectively exonerated all web tracking vendors, website owners and web analysts from the heinous crime of understanding what users want to see on our websites.
No need to be explicit
In the ICO’s own words:
"The Information Commissioner recognises that gaining explicit opt-in consent for analytics cookies is difficult and that implied consent might be the most practical and user-friendly option."
We don't need to seek alternative employment.
So, if pushed to comment (and I am being pushed to comment) on Friday's update from the ICO, I would have to summarise by saying that it all turned out just as we expected (but were not really brave enough to shout about publicly). You see, it turns out that after all of that fuss, implied consent is just fine.
A game of doctors and patients
In the ICO's words:
"In the context of cookies, similar consent might be inferred from a series of user actions which do not in isolation constitute a direct expression of the user’s thoughts about cookies – they have not, in effect, ticked a box accepting cookies – but which in context act as a strong enough indication that they agree to cookies being set."
OR in the ICO's Doctor and Patients Land:
"The patient and doctor would hold a conversation during which the doctor might offer an invitation to the patient to lie down on an examination couch. In the context of this exchange the doctor might now be able to infer consent from the patient’s actions based on the fact that there is a shared understanding of what is happening."
EXCEPT, where this analogy falls down is that the doctor wasn't required to make the terms and conditions of this examination available to the patient first. Which might have looked something like this:
"I am now going to carry out an examination in which I will be required to touch certain areas of your person and learn certain things about your health. I may share this information with medical peers in order to gain a more complete diagnosis, however you are protected by my oath......blah.......blah...... By lying on this table you consent to these terms."
The parallel with your website is that you ARE required to inform your users of how you are tracking them and to what end. To stay in the Doctor's surgery, this preamble could be pinned on the wall in an obscure corner of the waiting room or or perhaps written at the bottom of your appointment slip.
So, it appears (and no this is not legal advice) the best thing to do is just not to do nothing. By doing nothing, you are not helping to inform your users. As the ICO's research indicates, only half of your users even know what a cookie is. So the onus is on you to become the educator. You can do this by providing comprehensive, useful information about all of your tracking technologies, and making that easy for your users to find.
This is eminantly sensible regardless of recent regulatory change. As an industry, it is in our interest to educate website users in a balanced way. This should be comprehensive, transparent and ongoing. The more informed users are, the more immune they will be to media (or governmental) scaremongering and that can only be a good thing.
So, once we've gotten over the irriatation of a SECOND change of plan just 24 hours prior to the law going into force, we can go about implementing our solutions. I can't help feeling sorry for all those out there who have had sleepless nights and busy days getting a solution in place. Less so the numerous 'comply or die' companies who have been scaring our clients into spending a few quid with them.
- Homer Simpson: www.tu-pc.com
- U Turn Permitted: rta.nsw.gov.au
- Scrubs: cr.chu.cam.ac.uk